Enabling the feature preview for Passkeys
Before you are able to use Passkey with GitHub you will need to enable the feature:
- In the upper-right corner of any page, click your profile photo, then click Feature preview
- To the right of "Passkeys", click Enable
Setup Passkey for YubiKey
GitHub Passkeys offer a seamless and secure sign-in experience on GitHub.com, eliminating the need for password input. When combined with two-factor authentication (2FA), a passkey acts as both the password and 2FA, granting access in a single step.
How to Add a Passkey to Your GitHub Account:
Access Settings:
Click your profile photo on the upper-right corner of any GitHub page and select Settings.
Navigate to Authentication:
In the sidebar's Access section, choose Password and authentication.
Initiate Passkey Setup:
Under "Passkeys", select Add a passkey. Authenticate if prompted using your password or another existing method.
Under “Configure passwordless authentication”, click Add passkey and follow your passkey provider's instructions.
Confirmation:
After successfully registering your passkey, you'll see a confirmation page. Click Done.
Setup 2FA for GitHub Using Microsoft Authenticator App
Two-factor authentication (2FA) on GitHub is a secure method that requires both a password and an authentication code generated by an app on your mobile device to sign in. To bolster security, we recommend setting up 2FA using a time-based one-time password (TOTP) application, like Microsoft Authenticator App, instead of SMS. Microsoft Authenticator generates authentication codes that change over time and provide a more reliable experience.
Steps to Enable 2FA on GitHub:
Download a TOTP app:
If you haven’t already, install the Microsoft Authenticator App on your mobile device.Navigate to Settings:
On GitHub, click your profile photo at the upper-right corner, and then select Settings.Access Two-Factor Settings:
In the sidebar's Access section, choose Password and authentication. Click Enable two-factor authentication in the "Two-factor authentication" section.Setup Authenticator App:
Under "Setup authenticator app":
Verify the Code:
Your Authenticator App will now save your GitHub.com account and produce a new authentication code every few seconds. Enter this code on GitHub in the "Verify the code from the app" field.Backup with Recovery Codes:
Click Download under "Save your recovery codes" to save these codes to your device. It's crucial to keep these codes safe, as they can help regain access to your account if you lose your primary authentication method.Finalize Setup:
After storing your recovery codes safely, click I have saved my recovery codes to officially activate 2FA for your account..
Signing In Using a Passkey
- Visit the Login Page:
- Go to GitHub's login page.
- Go to GitHub's login page.
- Choose Passkey Sign-In:
- Click
- Click
- Authenticate:
- Follow the prompts from to enter your YubiKey PIN and press the medallion to use biometric access.
- Follow the prompts from to enter your YubiKey PIN and press the medallion to use biometric access.
Troubleshooting
If you do not see the "Sign in with a passkey" option after successfully setting up your YubiKey, try using this sign-in link: https://github.com/login?passkey=true