Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

GitHub adds hardware-based authentication for developers

Fahmida Y. Rashid | Oct. 2, 2015
GitHub developers will now be able to log in to the code repository using YubiKey hardware keys.

The most interest for two-factor authentication has been among U.S.-based developers and their European counterparts, and Davenport expects the same pattern of adoption with the YubiKey. There were several reasons for lower adoption in other regions -- such as India and Latin America -- including the challenges of sending SMS messages internationally. Yubico does ship keys around the world, so adding U2F to GitHub may help address some of those reasons in those regions.

GitHub wants this announcement to be the "catalyst to use U2F around the world," Davenport said.

Developers are also encouraged to build in U2F support in their own applications. At the moment, GitHub is supporting U2F only for logging in, but Davenport said GitHub and Yubico are discussing other potential areas of integration, such as maintaining code integrity and code signing. In fact, there is an internal project at Yubico where developers use the YubiKey's PGP functionality to sign their code. Although the process is "not quite yet one-touch" and the user experience needs more work, it highlights different ways the YubiKey can be used, said Stina Enhrensvard, CEO and founder of Yubico.

GitHub is turning on U2F support for both the cloud-based as well as GitHub Enterprise, the on-premise version of the code repository. Enterprise users would register their keys with their repositories in order to use them, Davenport said.

As breaches have repeatedly shown, just passwords are not enough for securing accounts or keeping data secure. With U2F, the goal is to move developers and companies away from "default" security to "better" security, Enhrensvard said. Hardware-based alternatives make it simple to put simple, scalable public key cryptography in the hands of millions of Internet users. With GitHub, it's a more secure repository, one developer and one key at a time.


Previous Page  1  2 

Sign up for Computerworld eNewsletters.