-
This discussion is for feedback on the public beta of passkeys on GitHub.com. Please let us know any issues you run into, ideas you have to improve the feature, or questions you might have about it. Handy docs
Known issues
Preview limitations
|
Beta Was this translation helpful? Give feedback.
Replies: 59 comments 189 replies
-
In the feature preview, the |
Beta Was this translation helpful? Give feedback.
-
Chrome 114.0.5735.199 (latest public) is not passkey compatible? |
Beta Was this translation helpful? Give feedback.
-
will everyone be forced to sign in with passkeys later like with 2fa ? |
Beta Was this translation helpful? Give feedback.
-
I constantly get the message: Passkey registration failed. I am running macOS 14 DB3 and tried to activate it on Safari. Is Safari on current beta nut supported for Passkey registration? |
Beta Was this translation helpful? Give feedback.
-
Using Chrome 114.0.5735.198 on Linux, and I'm getting
The result of |
Beta Was this translation helpful? Give feedback.
-
I have Windows Hello added as a "security key" (on Windows 11) – it already works for 2FA and I get the offer to upgrade it to a passkey, but doing so pops up the Hello dialog that requires me to connect a hardware key. This happens equally with Chrome 114 and Firefox 114. (On the other hand, I've successfully upgraded the Android Chrome "security key" to a passkey, and was able to use it from the same Windows 11 through the bluetooth thingy Chrome does.) |
Beta Was this translation helpful? Give feedback.
-
Beta Was this translation helpful? Give feedback.
-
I don't see the (documented) Sign in with a passkey option anywhere on the GitHub login page... I checked that page in these browsers:
Note that I use (the) 1Password (browser extension) as my passkey provider (although I also use iCloud Keychain as a backup). |
Beta Was this translation helpful? Give feedback.
-
Firefox should be allowed with 1Password to store the passkey |
Beta Was this translation helpful? Give feedback.
-
First of all, congrats and thank you for the great work! It's really good to see this being released in more places. I'm using Safari/iCloud Keychain, and Google's implementation allowed me to bind the passkey to an already existing password entry. GitHub's, on the other hand, created a new one with only my username as the "User Name" field. I ended up with duplicate entries – one being only the passkey, and the other keeping the password, 2FA code and notes. Is this by design? |
Beta Was this translation helpful? Give feedback.
-
Beta Was this translation helpful? Give feedback.
-
It appears as though in this you are forcing resident-key=required. This is a problem because almost CTAP2 devices have extremely limited storage for resident keys. It is common for this to vary from 8 to 32 key slots. As users enroll their devices to sites or have multiple accounts, this will rapidly consume that space. To make this worst, as most devices currently on the market are CTAP2.0, they have no way to delete a resident key once created. It's also key to note, many users of github will be early adopters and will likely use yubikeys and other devices which this issue affects. Since you have no way to prevent a CTAP2 device being used (since to allow caBLE means you allow roaming authenticators, which also allows usb-hid), you very likely will contribute to user keys running out of storage with this scheme. There are many ways you can proceed that don't force key residence! Many platform authenticators under "discouraged" will create a resident key anyway, and will set that in their credProps allowing the usernameless workflow (which you can trigger in the username field with conditional ui) - but you should also allow passwordless workflows where a user enters their username, conditional ui isn't completed, then you can look up the user and prompt for their non-resident key. This will allow users to use "passkeys" without damaging their devices, while still allowing usernameless as an option with conditional ui. |
Beta Was this translation helpful? Give feedback.
-
Will we eventually be able to remove our password from our accounts in favor of using passkeys? Just did this with my personal Microsoft account and have been loving it. |
Beta Was this translation helpful? Give feedback.
-
never using passkeys before. little complicated with saved random passwords |
Beta Was this translation helpful? Give feedback.
-
What does this feature actually add? I've been using u2f keys for years now. And since recently my browser keeps asking me when signing in if I want to use a passkey or a hardware security key. So what does enabling this feature add/change? Wasn't it literally already working oob? |
Beta Was this translation helpful? Give feedback.
-
Excellence |
Beta Was this translation helpful? Give feedback.
-
I just came across an issue that I can't seem to solve. I had my Android phone registered as a passkey and everything worked well. I had to factory reset my phone last night and ever since I can't use my phone as a passkey any more. At first I thought it was the old passkey which caused trouble so I deleted it from Github and from my phone, but when I try to register again it always fails now (Error: Passkey registration failed). I've tried both, setting it up from a Macbook via bluetooth, or via the browser on the phone itself, but nothing works. Passkeys are otherwise working well, for example with my Google login. |
Beta Was this translation helpful? Give feedback.
-
Just discovered this and using it with 1password. Works like a charm! Offering positive feedback for once :) |
Beta Was this translation helpful? Give feedback.
-
I don't regularly use a mobile device, so I am trying this passkey feature, so that I don't get locked out of the 2FA rollout. |
Beta Was this translation helpful? Give feedback.
-
Thanks! I looked at https://bitwarden.com/pricing/ which will be offering passkeys, just after Github locks me out. |
Beta Was this translation helpful? Give feedback.
-
Hey folks! Thank you all for your feedback and discussion. With your help we've taken passkeys to GA, and every user can now register and use the on GitHub.com. You can find our launch blog post here, which includes an overview of the changes made since the beta based on your feedback. If you find additional issues or have more feedback, we're tracking that here. |
Beta Was this translation helpful? Give feedback.
-
Will we eventually be able to remove our password from our accounts in favor of using passkeys? Just did this with my personal Microsoft account and have been loving it. |
Beta Was this translation helpful? Give feedback.
-
It looks like I can no longer select my phone's (or rather Chrome's) builtin webauthn token as a webauthn authenticator on my GitHub account - with my previous phone (before passkey support arrived) this worked just fine. I do NOT want not use a passkey since I prefer both password and webauth instead of just the passkey. It would be nice if this bug could be fixed. |
Beta Was this translation helpful? Give feedback.
-
I added my FIDO2 USB-token (onlykey) to my github account and upgraded it to passkey. Afterwards I was not able to add my windows hello as a second passkey. The browser only asked for USB-Tokens and ignored win hello completely. |
Beta Was this translation helpful? Give feedback.
-
Have you added usb token? |
Beta Was this translation helpful? Give feedback.
-
Just started using passkey, and it is intolerably slow to log in. I've basically given up, refreshed the page, and used 2FA. Is there a special browser setting to make this work? I use LibreWolf. |
Beta Was this translation helpful? Give feedback.
Hey folks! Thank you all for your feedback and discussion. With your help we've taken passkeys to GA, and every user can now register and use the on GitHub.com.
You can find our launch blog post here, which includes an overview of the changes made since the beta based on your feedback.
If you find additional issues or have more feedback, we're tracking that here.