With GitHub passkeys, accessing your GitHub account on your devices has never been this easy, secure, and convenient. Here’s how you can get started.
Get Familiar Authenticating With Passkeys
Passkeys allow you to securely log in to GitHub without using a password. This method of authenticating is less vulnerable to phishing attacks and data breaches.
Passkeys are unique to each device and website. This means that if somebody obtains your passkey, they cannot use it to access any other accounts. Also, your passkeys are resistant to phishing attacks because you do not enter them into a text field. Instead, your device verifies them.
It’s easy to set up a passkey for your GitHub account.
1. Generate a Passkey on Your Device
To set up and generate a passkey for your GitHub account, log in to GitHub with your existing authentication method on the device and navigate to the settings page.
From the Password and authentication page, you can generate/add and name a new passkey following the series of prompts.
You will then choose which of your devices you want to create and save the passkey on.
GitHub’s passkey feature also supports saving your passkey on an external USB security key/dongle. With the pros of a security key like 2FA authentication, you can store your passkeys on one. All you need to do is select the option for security key and plug in the security key to your computer. You will then have the option to save the passkey on the device.
Make sure you use good, descriptive names for your passkeys so you can recognize them in the future. You can add several passkeys for the same account.
Notice the synced tag on the second passkey. This means your password provider has synced your passkey to another device, allowing you to use the passkey from that device. In this case, iCloud has synced the password across all the devices logged in to that iCloud account.
You can use the passkey stored on your mobile phone to log in on your desktop computer by scanning a QR code. The process will detect your phone by proximity, recognize you as the user, and sign you in.
This is super helpful, as you can use one passkey for any of your devices and never have to worry about being locked out. Be sure to look out for the synced tag, as this mechanism is not always supported.
2. Log In to GitHub With Your Passkey
Now you have your passkey/passkeys set up and saved. You can log in to your account using the keys.
Test it out and attempt to log in to your GitHub account from an incognito window.
You can choose to log in with any of the multiple passkeys added to your account. As long as that device has access (or is synced) to the key.
The most exciting part of using the GitHub passkeys is that it allows you to verify your passkeys by taking advantage of the biometric features on your device.
With that, you have successfully created a passkey for your GitHub account, saved it, and logged in to the account without a password using GitHub passkeys.
You can also easily test logging in from your mobile device.
Can I Still Use My GitHub Passkey if I Lose My Device?
Don’t worry if you lose your device and need to access your account. You can simply sign in with your existing username and password. However, you should delete the passkey used on the lost device and register a new one with your new device.
Here are the steps to delete your GitHub Passkey from your lost device:
- Go to your GitHub profile settings.
- In the Access section of the sidebar, click Password and authentication.
- To the right of the passkey that you want to remove, click Delete and follow through.
You can now generate a new passkey for your device.
Eliminate Login Problems With the Power of Passkeys
Passkeys are the future of secure logins, and GitHub is taking advantage of this. With passkeys, you can log in to GitHub without a password, allowing for a simpler, more convenient, and even more secure experience. You should consider using this feature if you’re not already.