Replies: 41 comments 109 replies
-
Beta Was this translation helpful? Give feedback.
-
Love this! Is there a way we can remove password from the account and go completely passwordless? |
Beta Was this translation helpful? Give feedback.
-
Tried to add a Yubikey 5c on Safari and Firefox on macOS, and on Firefox on Linux. Getting 422 with this error: |
Beta Was this translation helpful? Give feedback.
-
It seems I cannot setup Windows Hello as a passkey as Windows only allows me to provision a USB key: though Security Key via Windows Hello works fine. Windows 11 Pro 22H2 (22621.2283) |
Beta Was this translation helpful? Give feedback.
-
I'm not able to set up a passkey on an Android device. After going through the setup on GitHub, following the push notification steps, and entering my phone PIN, I see "Passkey registration failed." Android 11 I was able to set one up with MacOS + Chrome and Windows 11 + Chrome without issue. I tried setting it up on my device from the Windows computer, but that also resulted in a failed registration. I saw this error in the browser console at that time:
|
Beta Was this translation helpful? Give feedback.
-
Please help by explaining two things - I have read all the docs and posts but I cannot find an answer. I use a linux (ubuntu 22.04) laptop and edge browser.
Thirdly can someone answer if I don't set up 2FA or a passkey will I still be able to report bugs and contribute to discussions on github projects with a simple password. It is proving so difficult to understand all the unexplained stuff in your 2FA docs that I am thinking that it'll be easier simply to stop using github for my own code. |
Beta Was this translation helpful? Give feedback.
-
Excellent news! May I suggest adding the ability to enable 2FA for specific passkeys? |
Beta Was this translation helpful? Give feedback.
-
My small list of suggestions. It would be handy to have the ability to test the passkey directly in your account settings. Ability to add a passkey with a lifespan. Backup passkey(s). A passkey that is not intended for frequent usage and must be opened first, with a specific time period set in the initialization stage and, optionally, a list of users who must be informed. Periodically ask the user to check if he still has access to the passkey and if it is in a working condition by completing the test. If it is not already done. I never used keys for 2FA on GitHub. (pass+TOTP). And saw only messages about 2FA and backup codes. |
Beta Was this translation helpful? Give feedback.
-
Will it be possible to disable TOTP in the future? |
Beta Was this translation helpful? Give feedback.
This comment was marked as off-topic.
This comment was marked as off-topic.
-
I got a popup from Github today demanding an SMS authentication. I have 2FA set up with a Yubikey, a backup Yubikey, and a list of TOTP passwords. But there was no option to use the Yubikey. It insisted on SMS. My first reaction was to think this was some kind of phishing message. If you've set up 2FA with a Yubikey, you should never be forced to use SMS. |
Beta Was this translation helpful? Give feedback.
-
I was able to setup and login while the beta was active but it seems there has been a recent change in the way webauthn is requesting the device on android chrome. If I tap sign in with a passkey I just get a window saying "there aren't any passkeys for github.com on this device", where as other sites are prompting for the type of passkey to use, NFC or USB. Works fine on all other platforms but now I have to use a computer to complain about free software. |
Beta Was this translation helpful? Give feedback.
-
Today, not only did Github ask for SMS authentication again, and, as before, would not accept my Yubikey, it offered to redisplay my TOTP keys! Those are last-ditch credentials that were supposed to be sent once only! I printed them and put the printout in a safe deposit box. Now you're exposing them to anybody who can divert or steal my cell phone. This is really sloppy. Need to get Schneier on Security to review Github's 2FA system. |
Beta Was this translation helpful? Give feedback.
-
I had an issue when registering 1password as a passkey on Ubuntu 22.04 with Firefox 119.0 (64-bit). |
Beta Was this translation helpful? Give feedback.
-
I verified that no security key has been created. That is, when I click
through to that setting, none exists.
…On Mon, Jan 8, 2024, 13:12 Hirsch Singhal ***@***.***> wrote:
Do you happen to have a security key enabled as well, from the same
device? We've seen some issues with iOS not fully removing the security key
registration when upgrading to a passkey, meaning it offers both, but only
one works.
—
Reply to this email directly, view it on GitHub
<#67791 (reply in thread)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AB2BCDFGNFKPDSVVBSOI5DTYNQZJZAVCNFSM6AAAAAA5A7NFNSVHI2DSMVQWIX3LMV43SRDJONRXK43TNFXW4Q3PNVWWK3TUHM4DANJTGYZTI>
.
You are receiving this because you commented.Message ID:
***@***.***>
|
Beta Was this translation helpful? Give feedback.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
-
Is it possible to add modern Chromebooks with PIN as a passkey? My |
Beta Was this translation helpful? Give feedback.
-
I set up a GitHub passkey on my Pixel 8 (Android 14) when I first got it, and it worked for a while 👍 I used Chrome desktop on macOS Sonoma to set this up But then after a few weeks, the problems started 😬 (may have been after an Android OS software update, Chrome software update, macOS software update, or a combination of multiple of these) Problem 1: I cannot create a GitHub passkey on my Pixel 8 from macOS ChromeIt is able to add the device and prompts me on which Google account to save the passkey, which seems to succeed But then GitHub returns the following message in the macOS Chrome window:
Problem 2: I cannot log in with a GitHub passkey created on the Pixel 8 directlyIf I create a GitHub passkey using the mobile Chrome on the Pixel 8, it seems to create the passkey, and GitHub sends me an email that the passkey was successfully created Interestingly, this passkey is nowhere to be found in the Pixel 8 Chrome mobile password manager (Settings -> Password Manager). GitHub does not have an entry for the passkey as in the message by @hpsin. And then any attempts to use the GitHub passkey (eg. to sign in) will fail - the mobile Chrome will show only "NFC security key" and "USB security key" as options: Attempts At Resolving the ProblemThings I have tried include (many cycles of the following):
Versions
|
Beta Was this translation helpful? Give feedback.
-
I'm sorry, but biometric authentication methods aren't more secure than regular password-based and 2FA-based authentication. In fact, they're worse.
See also this video: Biometric "Security" Is NOT Secure One interesting quote of the video is the following: “It is plain stupid to use something that you can´t change and that you leave everywhere every day as a security token", said Frank Rieger, spokesperson of the CCC. |
Beta Was this translation helpful? Give feedback.
-
I’m suddenly experiencing passkey failures from macOS and iOS after months of smooth running? I was forced to use username and password and 2fa via Auth app. any clues? How should I try fix this? |
Beta Was this translation helpful? Give feedback.
-
لقد قمت أيضًا بتعطيل أدوات حظر المحتوى والإضافات لمعرفة ما إذا كان ذلك سيحدث فرقًا. ندى. |
Beta Was this translation helpful? Give feedback.
-
The GitHub interface allows you register multiple passkeys in iCloud Keychain, but if you delete the last passkey from the GitHub page then you are not able to login with passkeys anymore, even though the GitHub page displays the previously registered passkeys. |
Beta Was this translation helpful? Give feedback.
-
Google allows me to create a passkey in my account settings. This is painless and my password manager, which works inside a Firefox browser extension, easily stores and uses it. However with Github on Firefox Linux, I don't know how to use it and a small message tells me to "touch my passkey" (whatever this means). I actually do not want to install and use an extra program for just managing and creating passkeys (and the reasons are obvious). Is there something like Google's "create passkey" feature on Github or any plans for it? |
Beta Was this translation helpful? Give feedback.
-
|
Beta Was this translation helpful? Give feedback.
-
It seems Android (I'm using Android 13. Are these updates part of the 'Google Play system update'?) now requires discoverable/resident keys? I used to be able to log into GitHub and other services by plugging in my YubiKey and using it only as the second factor. Now it just asks me to set up a PIN. If I refuse, the login fails. Not sure about NFC. That has been broken for a long time. |
Beta Was this translation helpful? Give feedback.
-
@hpsin could you possibly unpin https://github.com/orgs/community/discussions/54450? It's confusingly listed before this one. Anyone searching would still find items in it, but as you've pinned this item, it seems more useful to have it listed prominently. |
Beta Was this translation helpful? Give feedback.
-
0xB9932F2E574A62A7F638F6E0E561179cAC186c43 |
Beta Was this translation helpful? Give feedback.
-
0x03f2d7329cb226c759852c7c27d335211d30e836 |
Beta Was this translation helpful? Give feedback.
-
We've taken passkeys from a public beta to general availability, with all users able to set up and use a passkey.
This discussion is to track known ecosystem issues and get your feedback about passkeys. Previous feedback from the beta can be found here.
Known issues
Passkey registration failed. This cannot be used as a passkey
. This is because Firefox doesn't support setting up the PIN for a hardware key. If you encounter this issue, you have to set up the PIN yourself, using an app like Yubico Authenticator to manage the key directly, before trying again.Filing a report
If you've encountered a bug or undesirable behavior with how GitHub interacts with your device's passkey support , it's really helpful to know your operating system and browser version, I.e. Mac OS Ventura 13.5.2, Google Chrome 117.0.5938.62.
You can learn more about passkeys at these useful links:
Beta Was this translation helpful? Give feedback.
All reactions