Tuesday, 17 August 2021 22:28

GitHub goes passwordless for CLI Git operations

0
Shares
By

GitHub is home to many of the world's greatest open-source projects and to ensure continued protection to GitHub users and projects it no longer accepts Git password authentication for CLI operations and requires the use of stronger authentication methods.

GitHub is the largest custodian of open-source software in the world and is used by millions of developers worldwide daily. It’s imperative GitHub provides strong security for its customers and developer communities.

Previously, GitHub has brought in support for Universal Second Factor (U2F) in 2015, Web Authentication (WebAuthn) such as FaceID or Microsoft Hello in 2019, and recently U2F and FIDO2 security keys for SSH. Examples of FIDO2 security keys include the hardware-based authenticators from Yubico or Feitian which can communicate with your devices via Bluetooth, USB, NFC, and other means.

Last week GitHub announced possibly its largest step to date regarding security, and no longer accepts password authentication for CLI operations and requires the use of stronger authentication credentials for all authenticated Git operations on GitHub.com.

This includes SSH keys for developers, OAuth or GitHub App installation tokens for integrators, or a hardware-based security key like a YubiKey or Feitian FIDO2 device.

The announcement also comes with a stronger partnership between Yubico and GitHub, including some limited edition GitHub-branded YubiKeys. GitHub users can secure their Git commits using a GPG key stored on their YubiKey, ensuring open source contributions are being made by the right users in developer communities or organisations.

GitHub research identifies over 61% of organisations have either deployed passwordless authentication or have it in a pilot phase. GitHub is helping to realise this future for these organisations with their move to support FIDO2 and the path forward to a passwordless future. It also helps to wean organisations off their reliance on SMS-based authentication, which is no longer advocated by NIST 800-63B.

You can buy a GitHub-branded YubiKey from their online store and find instructions to set it (or any other YubiKey) here, as well as instructions on setting up commit signing with digital signatures.

There's also a video guide below. With all these resources, if you're not yet embracing hardware security keys there's no reason to delay any further.


Subscribe to ITWIRE UPDATE Newsletter here

GRAND OPENING OF THE ITWIRE SHOP

The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.

ENTER THE SHOP NOW!

INTRODUCING ITWIRE TV

iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.

SEE WHAT'S ON ITWIRE TV NOW!

BACK TO HOME PAGE
Published in Security
Tagged under
David M Williams

David has been computing since 1984 where he instantly gravitated to the family Commodore 64. He completed a Bachelor of Computer Science degree from 1990 to 1992, commencing full-time employment as a systems analyst at the end of that year. David subsequently worked as a UNIX Systems Manager, Asia-Pacific technical specialist for an international software company, Business Analyst, IT Manager, and other roles. David has been the Chief Information Officer for national public companies since 2007, delivering IT knowledge and business acumen, seeking to transform the industries within which he works. David is also involved in the user group community, the Australian Computer Society technical advisory boards, and education.

Latest from David M Williams

Related items

More in this category: « Accenture denies any impact from LockBit ransomware hit
Share News tips for the iTWire Journalists? Your tip will be anonymous
back to top