On August 21, 2019, GitHub announced that its two-factor authentication now supports WebAuthn. With this new WebAuthn support, in addition to authentication methods using security keys, fingerprint authentication such as Windows Hello and Touch ID on macOS will also be available.
In line with this update, this article will introduce how to use YubiKey to enable two-factor authentication on GitHub.
Prerequisite
・Two-factor authentication must be enabled on GitHub.
Please refer to this page regarding the setup.
Usage environment
・Windows 10 ver 1809
Windows Hello is enabled.
Available YubiKeys
・YubiKey 5 Series
・Security Key by Yubico Series (Blue YubiKey)
・YubiKey 4 Series
※YubiKey 5Ci will be available in the future.
To use it now, please purchase it from Yubico Store.
Browser
・Microsoft Edge 44.17763.1.0 Major browsers support WebAuthn. Click here for the compatibility list.
※The Brave browser is required to use YubiKey 5Ci on iPhone and iPad. Click here for details.
Setting up YubiKey as Two-Factor Authentication for GitHub
Go to Settings → Security.
Add YubiKey from "Security keys" in the Two-factor authentication item.
Click the "Register new security key" button under Security keys.
Click to enter the security key name.
Insert the YubiKey to be registered into the USB port.
Enter the security key name and click the "Add" button.
When "Add" is clicked, a confirmation screen for authenticator registration will be displayed.
※If Windows Hello is set in Edge, the executions will be in the order of Internal Authenticator → External Authenticator.
Now, select "Cancel" to register the YubiKey.
After canceling, one will be asked to confirm the external authenticator.
Tap the YubiKey.
Once registration is complete, information will appear in the Security keys.
This concludes the discussion of two-factor authentication.
Now sign out and try two-factor authentication.
Enter the username/password and sign in.
Insert the YubiKey into the USB port and click the "Use security key" button.
One will be prompted to operate the security key.
Tap the YubiKey.
Sign-in is complete!
Note, if one also registers for Windows Hello and tries to sign in, one can choose which authenticator to use.
Conclusion
Implementing two-factor authentication for services can be an effective way to increase security.
When using YubiKey for two-factor authentication, it is recommended that one registers another YubiKey for backup. By preparing a backup key, they can use the backup if one happens to lose a YubiKey.