GitHub Verify Feature Strengthens YubiKey Value

April 5, 2016 2 minute read
github code commit

Often times, it’s the little things in life that bring the most satisfaction.

For GitHub users, a shiny new “little thing” is available today. New “Verified” checkmarks in the Web interface document that commits are signed with GPG keys, which ensures the integrity of the code. No more downloading code from GitHub to verify commit signatures.

And, as always, those GPG signing operations can be done with a YubiKey 4 or YubiKey NEO in either of the two form factors.

Signing your work has not been a top feature of Git, even though it ensures data is coming from a trusted source.

With code, integrity is everything. And now GitHub is providing visual audit cues to ensure integrity with just a quick glance. Nothing else has changed in the way either GitHub or YubiKey function, but life just got a little easier. Or as our own devs say, “it’s a quality of life improvement.”

Back in October, GitHub added support for the FIDO Alliance’s Universal 2nd Factor, adding yet another option for strong authentication to their platform and bringing YubiKey owners into the fold. Today signals another platform improvement that is immediately available to YubiKey owners.

Need to figure out how to sign your work using Git and a YubiKey?

We have prepared a tutorial of sorts to walk you through the setup, signing, and verifying tags and commits (with a little merge and pushing thrown in).

Lately, we have been using the word versatility to define Yubico’s concept of modern security and strong authentication. And we’ve been proving it with YubiKey support among partners such as Dashlane, Centrify, Docker, Dropbox, Google, Okta, and, most recently, the UK government and Digidentity.

GitHub is another example, offering developers a set of authentication and content signing features.

There isn’t a silver bullet for security and strong authentication. Progress is measured in stages, and innovation adds up in tangible increments. Some gains are smaller than others, but to Yubico, they all help us build a stronger and more secure Internet.

Share this article:

Recommended content

#YubiSecure: Take your Twitter security to the next level with increased 2FA support

Great news YubiFans! As of today, Twitter made it a lot easier for you to tweet safely and keep your accounts secure. Phishing-resistant YubiKey authentication via WebAuthn is now supported on Twitter’s desktop, Android and iOS mobile applications.  With native WebAuthn support throughout the Twitter platform, you can register and use a USB-, NFC-, or Lightning-compatible security key, like ...

AWS Expands YubiKey Support with AWS SSO WebAuthn Integration

Another win for FIDO at the heels of its first industry conference, Authenticate 2020.  AWS Single Sign-On (SSO) has introduced native WebAuthn support to secure user access to AWS accounts and business applications using strong, FIDO-based multi-factor authentication (MFA) with YubiKeys.  Broader choice of authentication methods by AWS SSO is a win for modern authentication that has historically ...

Improving Performance and Security While Driving Down the Cost of Microsoft 365 - Yubico

Microsoft 365 comes with some shortcomings in the areas of security.

Available now! Works with YubiKey makes it easy for services to self-verify and for users to submit integrations for listing

Changing the world can’t be done alone. That’s why integrations play such a critical role in our mission to make the internet safer. We often like to say that we have created  the key, and our partners build the locks. With this in mind, we launched Works with YubiKey (WWYK), our technology alliance program for ...