Standard enables more security key options with passwordless a future possibility
GitHub has announced support for the Web Authentication (WebAuthn) security standard.
GitHub already supports two-factor authentication (2FA) via SMS texts (the least secure option, given that phone numbers can be hijacked and SMS messages intercepted), one-time password authentication apps, or U2F (Universal Second Factor) security keys.
U2F is an older standard, though, and in March this year the World Wide Web Consortium (W3C) approved the WebAuthn specification, part of the FIDO Alliance's FIDO2 specification set.
The move to WebAuthn means GitHub supports physical security keys via browsers including Firefox and Chrome on Windows, macOS, Linux and Android, on macOS with preview versions of Safari, and on iOS with Brave and a YubiKey 5Ci.
github upgrades factor authentication webauthn support
