GitHub no longer accepts passwords for Git authentication, secure your accounts with YubiKey


GitHub has been a longstanding supporter of strong security for its customers and developer communities. From its most recent support for using U2F and FIDO2 security keys for SSH, to its 2019 announcement of Web Authentication (WebAuthn) support for security keys and 2015 Universal Second Factor (U2F) support, the company has continued to give its millions of customers the ability to protect their accounts and projects through the use of hardware-based YubiKey authentication.

But last week marked perhaps one of the largest steps the company has taken to date: GitHub announced that as of August 13, 2021, it no longer accepts account passwords when authenticating Git CLI operations and will require the use of stronger authentication credentials for all authenticated Git operations on GitHub.com. This includes SSH keys (for developers), OAuth or GitHub App installation tokens (for integrators), or a hardware-based security key, such as a YubiKey.

This announcement also comes with the continued partnership between Yubico and GitHub — as well as some really sweet limited edition GitHub-branded YubiKeys (act fast!). GitHub users can secure their Git commits using a GPG key stored on their YubiKey. This is a crucial way to ensure that open source contributions are being made by the right users in developer communities or organizations.

There is strong momentum with FIDO2, WebAuthn, and passwordless – more than half (61%) of the organizations surveyed in a recent 451 Research and Yubico report have either deployed passwordless authentication or have it in pilot (34% of respondents have already deployed passwordless technology, 27% in pilot). GitHub is helping to realize this future for these organizations with their move to support FIDO2 and the path toward a passwordless future to address traditional MFA pain points.

But not all forms of MFA are created equal when it comes to supporting organizations in the transition to passwordless. YubiKeys are designed to meet and evolve with your security infrastructure and can be deployed in passwordless environments with our IAM partners as a smart card or a FIDO2 security key, for example.

If you’re seeking further information on setting up your YubiKey with GitHub for commit verification and for SSH-based authentication, please watch our step-by-step video guide or reach out to us!

Read Yubico’s Bridge to Passwordless series to learn more about how to plan and execute a passwordless strategy.
