Overview


GitHub Passkeys provide a secure method for signing into GitHub.com without the need for a password. For those utilizing two-factor authentication (2FA), a passkey fulfills both the password and 2FA criteria, streamlining the sign-in process to just one step. 

Info
Please Note:

To set up a passkey, your GitHub 2FA must be configured first.



Setup Passkey for YubiKey


GitHub Passkeys offer a seamless and secure sign-in experience on GitHub.com, eliminating the need for password input. When combined with two-factor authentication (2FA), a passkey acts as both the password and 2FA, granting access in a single step.

Distinct from regular security keys, passkeys validate your identity based on "something you know" (like a PIN) or "something you are" (biometric data like a fingerprint). Signing in with a passkey engages your device's native authentication, such as your YubiKey, unlocking a private key that GitHub authenticates. Notably, once a synced passkey is established on a device, it's usable across any device sharing that passkey provider.

Warning

You will not be able to set up a passkey until you have 2FA set up on your GitHub account. 

How to Add a Passkey to Your GitHub Account:

  1. Access Settings:

    • Click your profile photo on the upper-right corner of any GitHub page and select Settings.

  2. Navigate to Authentication:

    • In the sidebar's Access section, choose Password and authentication.

  3. Initiate Passkey Setup:

    • Under "Passkeys", select Add a passkey. Authenticate if prompted using your password or another existing method.

  4. Configure Authentication:

    • Under “Configure passwordless authentication”, click Add passkey and follow your passkey provider's instructions.

  5. Confirmation:

    • After successfully registering your passkey, you'll see a confirmation page. Click Done.


Setup 2FA for GitHub Using Microsoft Authenticator App


Two-factor authentication (2FA) on GitHub is a secure method that requires both a password and an authentication code generated by an app on your mobile device to sign in. To bolster security, we recommend setting up 2FA using a time-based one-time password (TOTP) application, like Microsoft Authenticator App, instead of SMS. Microsoft Authenticator generates authentication codes that change over time and provide a more reliable experience.

Steps to Enable 2FA on GitHub using TOTP:

  1. Download a TOTP app:

  2. Navigate to Settings:

    • On GitHub, click your profile photo at the upper-right corner, and then select Settings.

  3. Access Two-Factor Settings:

    • In the sidebar's Access section, choose Password and authentication. Click Enable two-factor authentication in the "Two-factor authentication" section.

  4. Setup Authenticator App:

    • Under "Setup authenticator app":

      • Scan the displayed QR code using your Authenticator App. The app will then display a six-digit code.
      • If scanning isn't possible, click enter this text code to get a code that you can manually input into your Authenticator App.

  5. Verify the Code:

    • Your Authenticator App will now save your GitHub.com account and produce a new authentication code every few seconds. Enter this code on GitHub in the "Verify the code from the app" field.

  6. Backup with Recovery Codes:

    • Click Download under "Save your recovery codes" to save these codes to your device. It's crucial to keep these codes safe, as they can help regain access to your account if you lose your primary authentication method.

  7. Finalize Setup:

    • After storing your recovery codes safely, click I have saved my recovery codes to officially activate 2FA for your account.

Info

For 28 days after 2FA setup, you're in a check-up period. Be sure to successfully perform 2FA within these 28 days, or you'll be prompted to do so on the 28th day. If you fail, use the provided shortcut to adjust your 2FA settings and maintain GitHub.com access.



Signing In Using a Passkey


  1. Visit the Login Page:
  2. Choose Passkey Sign-In:
    • Click Sign in with a passkey.

  3. Authenticate:
    • Follow the prompts to enter your YubiKey PIN and press the medallion to use biometric access.