Support has been added to bolster defense against account compromise.
GitHub has announced support for security keys to prevent account compromise in SSH Git operations. When you add a security key to SSH operations, you can use these devices to protect you and your account from accidental exposure, account hijacking, or malware, GitHub security engineer Kevin Jones said in a blog post on May 10. Security keys, including the YubiKey, Thetis Fido U2F Security Key, and Google Titan Security Keys, are physical, portable dongles that implement an additional layer of security to your online services and accounts. Strong passwords are still important but due to the prevalence of data leaks and cyberattacks, they are becoming less effective as a single security measure — leading to the creation of password managers that also monitor for credential exposure online, biometrics, and security keys.
