
Overview


GitHub Passkeys provide a secure method for signing into GitHub.com without the need for a password. For those utilizing two-factor authentication (2FA), a passkey fulfills both the password and 2FA criteria, streamlining the sign-in process to just one step. 

Please Note:

To set up a passkey, your GitHub 2FA must be configured first.





Setup Passkey for YubiKey


GitHub Passkeys offer a seamless and secure sign-in experience on GitHub.com, eliminating the need for password input. When combined with two-factor authentication (2FA), a passkey acts as both the password and 2FA, granting access in a single step.

Distinct from regular security keys, passkeys validate your identity based on "something you know" (like a PIN) or "something you are" (biometric data like a fingerprint). Signing in with a passkey engages your device's native authentication, such as your YubiKey, unlocking a private key that GitHub authenticates. Notably, once a synced passkey is established on a device, it's usable across any device sharing that passkey provider.

How to Add a Passkey to Your GitHub Account:

  1. Access Settings: Click your profile photo on the upper-right corner of any GitHub page and select Settings.

  2. Navigate to Authentication: In the sidebar's Access section, choose Password and authentication.

  3. Initiate Passkey Setup: Under "Passkeys", select Add a passkey. Authenticate if prompted using your password or another existing method.

  4. Configure Authentication: Under “Configure passwordless authentication”, click Add passkey and follow your passkey provider's instructions.

  5. Confirmation: After successfully registering your passkey, you'll see a confirmation page. Click Done.


Setup 2FA for GitHub Using Microsoft Authenticator App


Two-factor authentication (2FA) on GitHub is a secure method that requires both a password and an authentication code generated by an app on your mobile device to sign in. To bolster security, we recommend setting up 2FA using a time-based one-time password (TOTP) application, such as the Microsoft Authenticator app, instead of SMS. Microsoft Authenticator generates authentication codes that change over time and provide a more reliable experience.

Steps to Enable 2FA on GitHub using TOTP:

  1. Download a TOTP app: If you haven’t already, install the Microsoft Authenticator App on your mobile device.

  2. Navigate to Settings: On GitHub, click your profile photo at the upper-right corner, and then select Settings.

  3. Access Two-Factor Settings: In the sidebar's Access section, choose Password and authentication. Click Enable two-factor authentication in the "Two-factor authentication" section.

  4. Setup Authenticator App: Under "Setup authenticator app":

    • Scan the displayed QR code using your Authenticator App. The app will then display a six-digit code.
    • If scanning isn't possible, click enter this text code to get a code that you can manually input into your Authenticator App.

  5. Verify the Code: Your Authenticator App will now save your GitHub.com account and produce a new authentication code every few seconds. Enter this code on GitHub in the "Verify the code from the app" field.

  6. Backup with Recovery Codes: Click Download under "Save your recovery codes" to save these codes to your device. It's crucial to keep these codes safe, as they can help regain access to your account if you lose your primary authentication method.

  7. Finalize Setup: After storing your recovery codes safely, click I have saved my recovery codes to officially activate 2FA for your account.


For 28 days after 2FA setup, you're in a check-up period. Make sure you successfully perform 2FA within these 28 days; otherwise you'll be prompted to do so on the 28th day. If that attempt fails, use the provided shortcut to adjust your 2FA settings and maintain GitHub.com access.

Signing In Using a Passkey


  1. Visit the Login Page: Go to GitHub's login page.

  2. Choose Passkey Sign-In: Click Sign in with a passkey.

  3. Authenticate: Follow the prompts to enter your YubiKey PIN and press the medallion to use biometric access.
