To help users better secure their accounts, we are expanding GitHub’s authentication system to support FIDO Universal 2nd Factor (U2F)—a rapidly growing open authentication standard.
GitHub encourages developers to build U2F support into their own applications as well, enabling authentication with simple user experience and strong security using public key cryptography. U2F is built to protect against phishing and man-in-the-middle attacks, allowing one U2F authenticator to access any number of services without any shared secrets. Since U2F has native support in platforms and browsers, there’s no need for drivers or client software. Read more about how U2F keys work or take a look at the GitHub U2F documentation to learn how to associate a U2F key with your GitHub account.
In order to take advantage of the security improvements provided by U2F, you’ll need to purchase a hardware key. You can purchase the U2F key of your choice from a range of vendors. We are partnering with Yubico, inventor of the YubiKey, co-creator of the U2F protocol, and a leading provider of U2F authenticators. Together with Yubico we are offering discounts to GitHub users for a limited time through a special offer page where you will verify your GitHub account and place your order:
We hope you’ll take this step to keep your information secure.