GitHub, the leading software developers community with 11 million global users and 27 million projects, has built U2F into their authentication system, meaning that Yubico’s lineup of U2F-compliant keys — U2F Security Key, YubiKey 4, and YubiKey NEO — are ready to protect GitHub’s millions of users and their volumes of sensitive data. 

Taking advantage of the open source community around U2F that Yubico has nurtured, GitHub was able to build comprehensive support in a short time. Read GitHub’s blog announcing their support for U2F. They encourage developers to build U2F support into their own applications as well. 

YubiKey is easy to set up, and even easier to use. Learn how to use your YubiKey with GitHub.

GitHub Verified Commits

In addition, YubiKey 4 and YubiKey NEO can be used with GitHub’s “Verified” feature to protect the integrity of code stored in GitHub. GitHub commits are signed with GPG keys, which can be imported and stored on the YubiKey 4 or YubiKey NEO using these instructions. Verified check marks appear directly in the browser interface of GitHub, signaling to users that data has been provided by a trusted source.

The Skinny on Universal 2nd Factor (U2F)

U2F is an emerging open authentication standard co-created by Yubico. U2F brings high-security public key cryptography without the complexity of drivers, clients software, and certificate authority (CA). One single U2F device can be used with many services yet maintains privacy. To see where else you can use your U2F-certified YubiKey, see our FIDO U2F page. U2F provides simple, scalable, secure, second-factor login.

“There are dozens of libraries to implement U2F support in your applications. Those libraries are open-source on GitHub. …By implementing U2F ourselves and providing YubiKeys to tens of thousands of developers, we’re going to help push forward U2F and make it truly universal.”

Shawn Davenport, VP of Security, GitHub

GitHub Universe Day 1 Keynote: Secured with Love by GitHub and Yubico