Replies: 48 comments 116 replies
-
Beta Was this translation helpful? Give feedback.
-
Love this! Is there a way we can remove password from the account and go completely passwordless? |
Beta Was this translation helpful? Give feedback.
-
Tried to add a Yubikey 5c on Safari and Firefox on macOS, and on Firefox on Linux. Getting 422 with this error: |
Beta Was this translation helpful? Give feedback.
-
It seems I cannot setup Windows Hello as a passkey as Windows only allows me to provision a USB key: though Security Key via Windows Hello works fine. Windows 11 Pro 22H2 (22621.2283) |
Beta Was this translation helpful? Give feedback.
-
I'm not able to set up a passkey on an Android device. After going through the setup on GitHub, following the push notification steps, and entering my phone PIN, I see "Passkey registration failed." Android 11 I was able to set one up with MacOS + Chrome and Windows 11 + Chrome without issue. I tried setting it up on my device from the Windows computer, but that also resulted in a failed registration. I saw this error in the browser console at that time:
|
Beta Was this translation helpful? Give feedback.
-
Please help by explaining two things - I have read all the docs and posts but I cannot find an answer. I use a linux (ubuntu 22.04) laptop and edge browser.
Thirdly can someone answer if I don't set up 2FA or a passkey will I still be able to report bugs and contribute to discussions on github projects with a simple password. It is proving so difficult to understand all the unexplained stuff in your 2FA docs that I am thinking that it'll be easier simply to stop using github for my own code. |
Beta Was this translation helpful? Give feedback.
-
Excellent news! May I suggest adding the ability to enable 2FA for specific passkeys? |
Beta Was this translation helpful? Give feedback.
-
My small list of suggestions. It would be handy to have the ability to test the passkey directly in your account settings. Ability to add a passkey with a lifespan. Backup passkey(s). A passkey that is not intended for frequent usage and must be opened first, with a specific time period set in the initialization stage and, optionally, a list of users who must be informed. Periodically ask the user to check if he still has access to the passkey and if it is in a working condition by completing the test. If it is not already done. I never used keys for 2FA on GitHub. (pass+TOTP). And saw only messages about 2FA and backup codes. |
Beta Was this translation helpful? Give feedback.
-
Will it be possible to disable TOTP in the future? |
Beta Was this translation helpful? Give feedback.
This comment was marked as off-topic.
This comment was marked as off-topic.
-
I got a popup from Github today demanding an SMS authentication. I have 2FA set up with a Yubikey, a backup Yubikey, and a list of TOTP passwords. But there was no option to use the Yubikey. It insisted on SMS. My first reaction was to think this was some kind of phishing message. If you've set up 2FA with a Yubikey, you should never be forced to use SMS. |
Beta Was this translation helpful? Give feedback.
-
I was able to setup and login while the beta was active but it seems there has been a recent change in the way webauthn is requesting the device on android chrome. If I tap sign in with a passkey I just get a window saying "there aren't any passkeys for github.com on this device", where as other sites are prompting for the type of passkey to use, NFC or USB. Works fine on all other platforms but now I have to use a computer to complain about free software. |
Beta Was this translation helpful? Give feedback.
-
Today, not only did Github ask for SMS authentication again, and, as before, would not accept my Yubikey, it offered to redisplay my TOTP keys! Those are last-ditch credentials that were supposed to be sent once only! I printed them and put the printout in a safe deposit box. Now you're exposing them to anybody who can divert or steal my cell phone. This is really sloppy. Need to get Schneier on Security to review Github's 2FA system. |
Beta Was this translation helpful? Give feedback.
-
I had an issue when registering 1password as a passkey on Ubuntu 22.04 with Firefox 119.0 (64-bit). |
Beta Was this translation helpful? Give feedback.
-
Are you planning on using passkeys for git too, i.e. to allow it instead of SSH keys? |
Beta Was this translation helpful? Give feedback.
-
لقد قمت أيضًا بتعطيل أدوات حظر المحتوى والإضافات لمعرفة ما إذا كان ذلك سيحدث فرقًا. ندى. |
Beta Was this translation helpful? Give feedback.
-
The GitHub interface allows you register multiple passkeys in iCloud Keychain, but if you delete the last passkey from the GitHub page then you are not able to login with passkeys anymore, even though the GitHub page displays the previously registered passkeys. |
Beta Was this translation helpful? Give feedback.
-
Google allows me to create a passkey in my account settings. This is painless and my password manager, which works inside a Firefox browser extension, easily stores and uses it. However with Github on Firefox Linux, I don't know how to use it and a small message tells me to "touch my passkey" (whatever this means). I actually do not want to install and use an extra program for just managing and creating passkeys (and the reasons are obvious). Is there something like Google's "create passkey" feature on Github or any plans for it? |
Beta Was this translation helpful? Give feedback.
-
|
Beta Was this translation helpful? Give feedback.
-
It seems Android (I'm using Android 13. Are these updates part of the 'Google Play system update'?) now requires discoverable/resident keys? I used to be able to log into GitHub and other services by plugging in my YubiKey and using it only as the second factor. Now it just asks me to set up a PIN. If I refuse, the login fails. Not sure about NFC. That has been broken for a long time. |
Beta Was this translation helpful? Give feedback.
-
@hpsin could you possibly unpin https://github.com/orgs/community/discussions/54450? It's confusingly listed before this one. Anyone searching would still find items in it, but as you've pinned this item, it seems more useful to have it listed prominently. |
Beta Was this translation helpful? Give feedback.
-
0xB9932F2E574A62A7F638F6E0E561179cAC186c43 |
Beta Was this translation helpful? Give feedback.
-
0x03f2d7329cb226c759852c7c27d335211d30e836 |
Beta Was this translation helpful? Give feedback.
This comment was marked as off-topic.
This comment was marked as off-topic.
-
YubiKey 5 doesn't work, tried both on Windows with Firefox and Chromium and on Android. I have already setup the PIN. |
Beta Was this translation helpful? Give feedback.
-
Great to hear that passkeys have moved to general availability! Here's a summary of the known issues and troubleshooting steps, as well as a guide on filing a report: Known Issues
Filing a ReportWhen encountering a bug or undesirable behavior, please provide the following details:
Useful LinksFeel free to reach out if you have any questions or need further assistance! |
Beta Was this translation helpful? Give feedback.
-
Unable to register passkey on Pixel 7 Pro
On-device encryption and Screen Lock enabled, tried logout and login github.com after click |
Beta Was this translation helpful? Give feedback.
-
It does not work for me. Passkey registration failed. |
Beta Was this translation helpful? Give feedback.
-
When using a Passkey to log in, the two-step verification process is typically bypassed. Wouldn’t it be beneficial to have an option to log in with a Passkey and then perform a second verification step using a hardware security key like YubiKey? This could add an extra layer of security for sensitive operations. |
Beta Was this translation helpful? Give feedback.
-
If you (wrongly) insist that a pin-code must be added on Yubikeys used with Firefox, then at least the error message must say so, instead of a generic failure message! |
Beta Was this translation helpful? Give feedback.
-
We've taken passkeys from a public beta to general availability, with all users able to set up and use a passkey.
This discussion is to track known ecosystem issues and get your feedback about passkeys. Previous feedback from the beta can be found here.
Known issues
Passkey registration failed. This cannot be used as a passkey
. This is because Firefox doesn't support setting up the PIN for a hardware key. If you encounter this issue, you have to set up the PIN yourself, using an app like Yubico Authenticator to manage the key directly, before trying again.Filing a report
If you've encountered a bug or undesirable behavior with how GitHub interacts with your device's passkey support , it's really helpful to know your operating system and browser version, I.e. Mac OS Ventura 13.5.2, Google Chrome 117.0.5938.62.
You can learn more about passkeys at these useful links:
Beta Was this translation helpful? Give feedback.
All reactions