GitHub adds hardware-based authentication for developers
Two-factor authentication for GitHub repositories just got a little more universal.
GitHub expanded its authentication system to support the FIDO Universal 2nd Factor (U2F) standard in order to offer developers a hardware-backed alternative to existing login methods, the company announced Thursday at its GitHub Universe event in San Francisco. The largest code-based cloud repository is teaming up with security company Yubico, co-creator of the U2F standard, to provide developers with U2F-compliant hardware keys.
The standard was designed to address phishing and man-in-the-middle attacks. As a hardware-backed system, it has an advantage of software systems such as the Google Authenticator app because the private keys cannot be intercepted. There are no SMS messages to intercept, no malware to compromise the app.