GitHub upgrades two-factor authentication with WebAuthn support

Published on August 23rd, 2019


Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan

Credits: The Register

GitHub has announced support for the Web Authentication (WebAuthn) security standard.

GitHub already supports two-factor authentication (2FA) via SMS texts (the least secure option, given that phone numbers can be hijacked and SMS messages intercepted), one-time password authentication apps, or U2F (Universal Second Factor) security keys.

U2F is an older standard, though, and in March this year the World Wide Web Consortium (W3C) approved the WebAuthn specification, part of the FIDO Alliance’s FIDO2 specification set.

The move to WebAuthn means GitHub supports physical security keys via browsers including Firefox and Chrome on Windows, macOS, Linux and Android, on macOS with preview versions of Safari, and on iOS with Brave and a YubiKey 5Ci.

Securing a GitHub account with a physical security key


You also now have an option to opt for a laptop or phone as a security key, using Windows Hello, Touch ID on macOS, or a fingerprint reader on Android.

GitHub currently only supports security keys as a supplementary option, available once you have already set up 2FA using SMS or an authenticator app. That said, GitHub is exploring making security keys a primary option, or even enabling passwordless login.

A potential hazard with 2FA is the risk of getting locked out of your account. GitHub offers a couple of ways around this: recovery codes that appear when you set up 2FA, which you can print out or copy to a password manager, and a suggestion that you use an authenticator app that permits backup of your keys, unlike Google Authenticator or Microsoft Authenticator.

Securing GitHub accounts is a priority since compromise may enable a bad guy to insert backdoors, password stealers, or other malware into the code for an application, a website, or library code used by multiple developers. Malware was recently discovered in a Ruby Gem package, believed to be caused by a hacked developer account.
