Bleeping Computer
GitHub has added support for securing SSH Git operations using FIDO2 security keys for added protection from account takeover attempts.
Researchers at North Carolina State University (NCSU) found two years ago that more than 100,000 GitHub repositories have leaked API tokens and cryptographic (SSH and TLS) keys after scanning roughly 13% of GitHub’s public repositories over almost six months.
Even worse, they also discovered that thousands of new repositories were also leaking secrets daily.
With GitHub’s newly added feature, you can now use portable FIDO2 devices for SSH authentication to secure Git operations and prevent accidental private key exposure and malware initiating requests without your approval.