May 5, 2021 update: The limited edition U2F Security Keys described in this post are no longer available.

To help users better secure their accounts, we are expanding GitHub’s authentication system to support FIDO Universal 2nd Factor (U2F)—a rapidly growing open authentication standard.

GitHub encourages developers to build U2F support into their own applications as well, enabling authentication with simple user experience and strong security using public key cryptography. U2F is built to protect against phishing and man-in-the-middle attacks, allowing one U2F authenticator to access any number of services without any shared secrets. Since U2F has native support in platforms and browsers, there’s no need for drivers or client software. Read more about how U2F keys work or take a look at the GitHub U2F documentation to learn how to associate a U2F key with your GitHub account.

In order to take advantage of the security improvements provided by U2F, you’ll need to purchase a hardware key. You can purchase the U2F key of your choice from a range of vendors.

We are partnering with Yubico, inventor of the YubiKey, co-creator of the U2F protocol, and a leading provider of U2F authenticators. Together with Yubico we are offering discounts to GitHub users for a limited time through a special offer page where you will verify your GitHub account and place your order:

    • While supplies last, GitHub users can purchase special edition U2F Security Keys for $5 plus shipping and handling (regular price $18; 5,000 special edition keys available).
    • After the special keys are gone, all GitHub users are eligible for a 20% discount on U2F-certified YubiKeys, for a limited time.
    • In addition, all students who are eligible for the Student Developer Pack will receive a 20% discount on any U2F-certified YubiKey.

We hope you’ll take this step to keep your information secure.

yubico-github-u2f

Tags: