Ben Toews

In an effort to increase the adoption of FIDO U2F second factor authentication, we’re releasing Soft U2F—a software-based U2F authenticator for macOS. Soft U2F currently works with Google Chrome and…

In an effort to increase the adoption of FIDO U2F second factor authentication, we’re releasing Soft U2F: a software-based U2F authenticator for macOS. We’ve long been interested in promoting better…

Millions of people rely on GitHub Pages to host their websites and millions more visit these websites every day. To better protect traffic to GitHub Pages sites, as well as…

Despite the best efforts of its writers, software has vulnerabilities, and GitHub is no exception. Finding, fixing, and learning from past bugs is a critical part of keeping our users…

Looking through our exception tracker the other day, I ran across a notice from our slow-query logger that caught my eye. I saw a SELECT … WHERE … LIKE query…

May 5, 2021 update: The limited edition U2F Security Keys described in this post are no longer available. To help users better secure their accounts, we are expanding GitHub’s authentication…

Like many sites, GitHub uses a content delivery network (CDN) to serve static assets such as JavaScript, CSS, and images to our users. The CDN makes web browsing faster by…

With Subresource Integrity (SRI), using GitHub is safer than ever. SRI tells your browser to double check that our Content Delivery Network (CDN) is sending the right JavaScript and CSS…

You can now create deploy keys with read-only access. A deploy key is an SSH key that is stored on your server and grants access to a single GitHub repository.…

It’s already been a year since we launched the GitHub Security Bug Bounty, and, thanks to bug reports from researchers across the globe, 73 previously unknown security vulnerabilities in our…

If you’re a Gmail user who gets GitHub notifications via email, you’ll notice that we’ve added subject-line links to issues and pull requests on notification messages. You can use these…

Today we’re adding two-factor authentication to GitHub. When you enable this feature, it adds an additional layer of security to your account. When logging in to GitHub, after providing your…

In the ongoing effort to keep our users safe, we recently took inspiration from the Unix sudo command. We wanted to require password confirmation for dangerous actions on GitHub.com, but…

Both GitHub and Gist offer ways to view “raw” versions of user content. Instead of viewing files in the visual context of the website, the user can see the actual…