jprdonnelly/docs
1
0
Fork 0
mirror of synced 2025-12-19 18:10:59 -05:00
Code Issues Projects Releases Wiki Activity

Deprecate 3.13 (#56623)

Browse Source
This commit is contained in:
Kevin Heis
2025-07-14 18:00:38 -07:00
committed by GitHub
parent 859ce37513
commit 4cab158957
132 changed files with 287 additions and 930066 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
content/authentication/authenticating-with-a-passkey/about-passkeys.md
View File

@@ -3,7 +3,9 @@ title: About passkeys
intro: 'Passkeys allow you to sign in safely and easily, without requiring a password and two-factor authentication.'
permissions: '{% ifversion fpt or ghec %}Personal account owners who manage their own credentials{% endif %}'
versions:
feature: passkeys
fpt: '*'
ghec: '*'
ghes: '*'
shortTitle: About passkeys
---

8
content/authentication/authenticating-with-a-passkey/managing-your-passkeys.md
View File

@@ -3,7 +3,9 @@ title: Managing your passkeys
intro: 'You may be prompted to register a passkey during sign-in, or you can choose to register a new passkey in your account settings. For 2FA users, you can upgrade existing eligible security keys into passkeys.'
permissions: '{% ifversion fpt or ghec%}Personal account owners who manage their own credentials{% endif %}'
versions:
feature: passkeys
fpt: '*'
ghec: '*'
ghes: '*'
type: how_to
shortTitle: Manage your passkeys
---
@@ -34,7 +36,7 @@ Before starting the upgrade procedure, make sure that you are using the device t
{% data reusables.user-settings.security %}
{% data reusables.passkeys.add-passkey-settings-page %}
1. If prompted, authenticate with your password, or use another existing authentication method.
1. Under “Configure passwordless authentication”, under "Upgrade your security key registration to a passkey", review the information that confirms the name of the security key to be upgraded, then click **Upgrade to passkey**.
1. Under “Configure passwordless authentication”, under "Upgrade your security key registration to a passkey," review the information that confirms the name of the security key to be upgraded, then click **Upgrade to passkey**.
1. At the prompt, follow the steps outlined by the passkey provider.
{% data reusables.passkeys.passkey-success-done %}
@@ -49,7 +51,7 @@ Before starting the upgrade procedure, make sure that you are using the device t
Many passkeys support syncing, where your passkey is backed up by the provider's account system (iCloud, Google account, password manager, etc.). If you ever lose your device, you can recover your synced passkeys by signing in to your passkey provider.
In some cases, your passkey may be "device-bound", which means the passkey cannot be synced and is not backed up to the cloud. For example, you can register FIDO2 hardware security keys (such as a YubiKey) as a passkey, but that passkey will not be synced. If your passkey is device-bound, and you lose or wipe the device, the passkey cannot be recovered. If you are only using device-bound passkeys, it is a best practice to register passkeys on at least two different devices, in case you lose access to one.
In some cases, your passkey may be "device-bound," which means the passkey cannot be synced and is not backed up to the cloud. For example, you can register FIDO2 hardware security keys (such as a YubiKey) as a passkey, but that passkey will not be synced. If your passkey is device-bound, and you lose or wipe the device, the passkey cannot be recovered. If you are only using device-bound passkeys, it is a best practice to register passkeys on at least two different devices, in case you lose access to one.
You can see which of your passkeys are synced, and which are device-bound, under "Passkeys" in your account security settings. Synced passkeys will include a blue `Synced` label next to their name.

4
content/authentication/authenticating-with-a-passkey/signing-in-with-a-passkey.md
View File

@@ -3,7 +3,9 @@ title: Signing in with a passkey
intro: 'You can use a passkey to sign in safely and easily to {% data variables.product.prodname_dotcom %} in your browser, without requiring a password and two-factor authentication. You can also sign in using a passkey on a nearby device.'
permissions: '{% ifversion fpt or ghec%}Personal account owners who manage their own credentials{% endif %}'
versions:
feature: passkeys
fpt: '*'
ghec: '*'
ghes: '*'
type: how_to
shortTitle: Sign in with a passkey
---

12
content/authentication/keeping-your-account-and-data-secure/about-authentication-to-github.md
View File

@@ -20,7 +20,7 @@ To keep your account secure, you must authenticate before you can access certain
You can access your resources in {% data variables.product.github %} in a variety of ways: in the browser, via {% data variables.product.prodname_desktop %} or another desktop application, with the API, or via the command line. Each way of accessing {% data variables.product.github %} supports different modes of authentication.
{%- ifversion not fpt %}
* Your identity provider (IdP){% endif %}
* Username and password with two-factor authentication{% ifversion passkeys %}, or a passkey{% endif %}
* Username and password with two-factor authentication, or a passkey
* {% data variables.product.pat_generic_caps %}
* SSH key
@@ -30,7 +30,7 @@ You can access your resources in {% data variables.product.github %} in a variet
If you're a member of an {% data variables.enterprise.prodname_emu_enterprise %}, you will authenticate to {% data variables.product.github %} in your browser using your IdP. For more information, see [AUTOTITLE](/enterprise-cloud@latest/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users#authenticating-as-a-managed-user){% ifversion fpt %} in the {% data variables.product.prodname_ghe_cloud %} documentation.{% else %}.{% endif %}
If you're not a member of an {% data variables.enterprise.prodname_emu_enterprise %}, you will authenticate using your {% data variables.product.prodname_dotcom %} username and password{% ifversion passkeys %}, or a passkey{% endif %}. You may also use two-factor authentication and SAML single sign-on, which can be required by organization and enterprise owners.
If you're not a member of an {% data variables.enterprise.prodname_emu_enterprise %}, you will authenticate using your {% data variables.product.prodname_dotcom %} username and password, or a passkey. You may also use two-factor authentication and SAML single sign-on, which can be required by organization and enterprise owners.
{% else %}
@@ -42,12 +42,8 @@ You can authenticate to {% data variables.product.github %} in your browser in a
{% data reusables.two_fa.mandatory-2fa-contributors-2023 %}
{% endif %}
{% ifversion account-switcher %}
If you need to use multiple accounts on {% data variables.location.product_location %}, such as a personal account and a service account, you can quickly switch between your accounts without always needing to reauthenticate each time. For more information, see [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/switching-between-accounts).
{% endif %}
* **Username and password only**
* You'll create a password when you create your account on {% data variables.product.github %}. We recommend that you use a password manager to generate a random and unique password. For more information, see [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-strong-password).{% ifversion fpt or ghec %}
* If you have not enabled 2FA, {% data variables.product.github %} may ask for additional verification when you first sign in from a new or unrecognized device, such as a new browser profile, a browser where the cookies have been deleted, or a new computer. For more information, see [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/verifying-new-devices-when-signing-in).{% endif %}
@@ -62,9 +58,9 @@ If you need to use multiple accounts on {% data variables.location.product_locat
> [!NOTE]
> {% data reusables.two_fa.unlink-email-address %}
{% endif %}{% ifversion passkeys %}
{% endif %}
* **Passkey**
* You can add a passkey to your account to enable a secure, passwordless login. Passkeys satisfy both password and 2FA requirements, so you can complete your sign in with a single step. See [AUTOTITLE](/authentication/authenticating-with-a-passkey/about-passkeys).{% endif %}
* You can add a passkey to your account to enable a secure, passwordless login. Passkeys satisfy both password and 2FA requirements, so you can complete your sign in with a single step. See [AUTOTITLE](/authentication/authenticating-with-a-passkey/about-passkeys).
{% ifversion ghes %}
* **External authentication**

4
content/authentication/keeping-your-account-and-data-secure/creating-a-strong-password.md
View File

@@ -22,8 +22,8 @@ You must choose or generate a password for your account on {% data variables.pro
To keep your account secure, we recommend you follow these best practices:
* Use a password manager to generate a password of at least 15 characters.
* Generate a unique password for {% data variables.product.github %}. If you use your {% data variables.product.github %} password elsewhere and that service is compromised, then attackers or other malicious actors could use that information to access your account.
* Configure two-factor authentication for your personal account. For more information, see [AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/about-two-factor-authentication).{% ifversion passkeys %}
* {% data reusables.passkeys.add-passkey-option %}{% endif %}
* Configure two-factor authentication for your personal account. For more information, see [AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/about-two-factor-authentication).
* {% data reusables.passkeys.add-passkey-option %}
* Never share your password, even with a potential collaborator. Each person should use their own personal account on {% data variables.product.github %}. For more information on ways to collaborate, see: [AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/inviting-collaborators-to-a-personal-repository), [AUTOTITLE](/pull-requests/collaborating-with-pull-requests/getting-started/about-collaborative-development-models), or [AUTOTITLE](/organizations/collaborating-with-groups-in-organizations).
{% data reusables.repositories.blocked-passwords %}

3
content/authentication/keeping-your-account-and-data-secure/preventing-unauthorized-access.md
View File

@@ -19,8 +19,7 @@ shortTitle: Unauthorized access
After changing your password, you should perform these actions to make sure that your account is secure:
* Enable two-factor authentication on your account so that access requires more than just a password. For more information, see [AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/about-two-factor-authentication).
{%- ifversion passkeys %}
* Add a passkey to your account to enable a secure, passwordless login. Passkeys are phishing-resistant, and they don't require memorization or active management. See [AUTOTITLE](/authentication/authenticating-with-a-passkey/about-passkeys).{% endif %}
* Add a passkey to your account to enable a secure, passwordless login. Passkeys are phishing-resistant, and they don't require memorization or active management. See [AUTOTITLE](/authentication/authenticating-with-a-passkey/about-passkeys).
* Review your SSH keys, deploy keys, and authorized OAuth apps and GitHub Apps and revoke unauthorized or unfamiliar access in your SSH and Applications settings. For more information, see [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys), [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/reviewing-your-deploy-keys), [AUTOTITLE](/apps/oauth-apps/using-oauth-apps/reviewing-your-authorized-oauth-apps), and [AUTOTITLE](/apps/using-github-apps/reviewing-your-authorized-integrations).
{% ifversion fpt or ghec %}
* Verify all your email addresses. If an attacker added their email address to your account, it could allow them to force an unintended password reset. For more information, see [AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-email-preferences/verifying-your-email-address).

2
content/authentication/keeping-your-account-and-data-secure/reviewing-your-security-log.md
View File

@@ -41,9 +41,7 @@ The events listed in your security log are triggered by your actions. Actions ar
| {% endif %} |
| `oauth_access` | Contains all activities related to OAuth access tokens. |
| `oauth_authorization` | Contains all activities related to authorizing {% data variables.product.prodname_oauth_apps %}. For more information, see [AUTOTITLE](/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps). |
| {% ifversion passkeys %} |
| `passkey` | Contains activities related to your passkeys. See [AUTOTITLE](/authentication/authenticating-with-a-passkey/about-passkeys). |
| {% endif %} |
| {% ifversion fpt or ghec %} |
| `payment_method` | Contains all activities related to paying for your {% data variables.product.prodname_dotcom %} subscription.
| {% endif %} |

8
content/authentication/keeping-your-account-and-data-secure/sudo-mode.md
View File

@@ -42,11 +42,10 @@ After you authenticate to perform a sensitive action, your session is temporaril
## Confirming access for sudo mode
To confirm access for sudo mode, you can authenticate with your password. Optionally, you can use a different authentication method, like {% ifversion passkeys %}a passkey, {% endif %}{% ifversion fpt or ghec %}a security key, {% data variables.product.prodname_mobile %}, or a 2FA code{% elsif ghes %}a security key or a 2FA code{% endif %}.
To confirm access for sudo mode, you can authenticate with your password. Optionally, you can use a different authentication method, like a passkey, {% ifversion fpt or ghec %}a security key, {% data variables.product.prodname_mobile %}, or a 2FA code{% elsif ghes %}a security key or a 2FA code{% endif %}.
{%- ifversion passkeys %}
* [Confirming access using a passkey](#confirming-access-using-a-passkey)
{%- endif %}
* [Confirming access using a security key](#confirming-access-using-a-security-key)
{%- ifversion fpt or ghec %}
* [Confirming access using GitHub Mobile](#confirming-access-using-github-mobile)
@@ -54,12 +53,9 @@ To confirm access for sudo mode, you can authenticate with your password. Option
* [Confirming access using a 2FA code](#confirming-access-using-a-2fa-code)
* [Confirming access using your password](#confirming-access-using-your-password)
{% ifversion passkeys %}
### Confirming access using a passkey
You must have a passkey registered to your account to confirm access to your account for sudo mode using a passkey. See [AUTOTITLE](/authentication/authenticating-with-a-passkey/about-passkeys).
{% endif %}
### Confirming access using a security key

8
content/authentication/keeping-your-account-and-data-secure/switching-between-accounts.md
View File

@@ -1,9 +1,11 @@
---
title: 'Switching between accounts'
title: Switching between accounts
intro: 'Learn how to switch between multiple {% ifversion fpt or ghec %}{% data variables.product.prodname_dotcom %} accounts and {% data variables.enterprise.prodname_managed_users %}{% else %}accounts{% endif %}.'
allowTitleToDifferFromFilename: true
versions:
feature: account-switcher
fpt: '*'
ghec: '*'
ghes: '*'
type: overview
topics:
- Identity
@@ -38,7 +40,7 @@ When you have added accounts to the account switcher, you can quickly change bet
1. In the menu, click **{% octicon "arrow-switch" aria-hidden="true" aria-label="arrow-switch" %} Switch account**.
1. In the submenu, click on the account that you want to switch to.
![Screenshot of the "Switch account" menu with three options, "octocat", "hubot", and "Add account".](/assets/images/help/profile/switch-accounts.png)
![Screenshot of the "Switch account" menu with three options, "octocat," "hubot," and "Add account."](/assets/images/help/profile/switch-accounts.png)
## Removing accounts from the account switcher

2
content/authentication/securing-your-account-with-two-factor-authentication-2fa/about-two-factor-authentication.md
View File

@@ -22,9 +22,7 @@ For {% data variables.product.github %}, the second form of authentication is a
{% data reusables.two_fa.after-2fa-add-security-key %}
{% ifversion passkeys %}
{% data reusables.passkeys.after-2fa-optional-add-passkey %} See [AUTOTITLE](/authentication/authenticating-with-a-passkey/about-passkeys).
{% endif %}
{% ifversion fpt or ghec %}
You can also use {% data variables.product.prodname_mobile %} for 2FA after configuring a TOTP mobile app or text messages. {% data variables.product.prodname_mobile %} uses public-key cryptography to secure your account, allowing you to use any mobile device that you've used to sign in to {% data variables.product.prodname_mobile %} as your second factor.

4
content/authentication/securing-your-account-with-two-factor-authentication-2fa/accessing-github-using-two-factor-authentication.md
View File

@@ -50,14 +50,10 @@ If you've set up a security key on your account, and your browser supports secur
1. To trigger the security key prompt from your operating system, select "Use security key."
1. Select the appropriate option in the prompt. Depending on your security key configuration, you may type a PIN, complete a biometric prompt, or use a physical security key.
{% ifversion passkeys %}
### Using a passkey
If you have enabled 2FA, and you have added a passkey to your account, you can use the passkey to sign in. Since passkeys satisfy both password and 2FA requirements, you can complete your sign in with a single step. See [AUTOTITLE](/authentication/authenticating-with-a-passkey/about-passkeys).
{% endif %}
{% ifversion fpt or ghec %}
### Receiving a text message

22
content/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication.md
View File

@@ -37,14 +37,18 @@ If you're a member of an {% data variables.enterprise.prodname_emu_enterprise %}
{% endif %}
{% ifversion ghes < 3.17 %}
> [!WARNING]
> * If you're a member or outside collaborator to a private repository of an organization that requires 2FA, you must leave the organization before you can disable 2FA.
> * If you disable 2FA, you will automatically lose access to the organization and any private forks you have of the organization's private repositories. To regain access to the organization and your forks, re-enable 2FA and contact an organization owner.
{% else %}
> [!WARNING]
> * If you're an outside collaborator to a private repository of an organization that requires 2FA, you must leave the organization before you can disable 2FA.
> * If you're a member{% ifversion fpt or ghec %} or billing manager{% endif %} of an organization that requires 2FA, you will be unable to access that organization's resources while you have 2FA disabled.
> * If you disable 2FA, you will automatically lose access to the organization. To regain access to the organization, if you're a member{% ifversion fpt or ghec %} or billing manager{% endif %}, you must re-enable 2FA. If you're an outside collaborator, you will also lose access to any private forks you have of the organization's private repositories after disabling 2FA, and must re-enable 2FA and contact an organization owner to have access restored.
{% endif %}
> [!NOTE]
@@ -55,7 +59,7 @@ If you're a member of an {% data variables.enterprise.prodname_emu_enterprise %}
A time-based one-time password (TOTP) application automatically generates an authentication code that changes after a certain period of time. These apps can be downloaded to your phone or desktop. We recommend using cloud-based TOTP apps. {% data variables.product.prodname_dotcom %} is app-agnostic when it comes to TOTP apps, so you have the freedom to choose any TOTP app you prefer. Just search for `TOTP app` in your browser to find various options. You can also refine your search by adding keywords like `free` or `open source` to match your preferences.
> [!TIP]
> To configure authentication via TOTP on multiple devices, during setup, scan the QR code using each device at the same time or save the "setup key", which is the TOTP secret. If 2FA is already enabled and you want to add another device, you must re-configure your TOTP app from your security settings.
> To configure authentication via TOTP on multiple devices, during setup, scan the QR code using each device at the same time or save the "setup key," which is the TOTP secret. If 2FA is already enabled and you want to add another device, you must re-configure your TOTP app from your security settings.
1. Download a TOTP app of your choice to your phone or desktop.
{% data reusables.user-settings.access_settings %}
@@ -87,8 +91,6 @@ If you're unable to configure a TOTP app, you can also register your phone numbe
{% endif %}
{% ifversion passkeys %}
## Configuring two-factor authentication using a passkey
{% data reusables.passkeys.about-passkeys %} See [AUTOTITLE](/authentication/authenticating-with-a-passkey/about-passkeys).
@@ -99,31 +101,21 @@ If you're unable to configure a TOTP app, you can also register your phone numbe
1. You must have already configured 2FA via a TOTP mobile app{% ifversion fpt or ghec %} or via SMS{% endif %}.
{% data reusables.passkeys.adding-a-passkey %}
{% endif %}
## Configuring two-factor authentication using a security key
{% ifversion passkeys %}
Not all FIDO authenticators can be used as passkeys, but you can still register those authenticators as security keys. Security keys are also WebAuthn credentials, but unlike passkeys they don't require user validation. Since security keys only need to verify user presence, they only count as a second factor and must be used in conjunction with your password.
{% else %}
On most devices and browsers, you can use a physical security key over USB or NFC. Most browsers can use the fingerprint reader, facial recognition, or password/PIN on your device as a security key as well.
{% endif %}
Registering a security key for your account is available after enabling 2FA with a TOTP application{% ifversion fpt or ghec %} or a text message{% endif %}. If you lose your security key, you'll still be able to use your phone's code to sign in.
1. You must have already configured 2FA via a TOTP mobile app{% ifversion fpt or ghec %} or via SMS{% endif %}.
1. Ensure that you have a WebAuthn compatible security key inserted into your device.
{% data reusables.user-settings.access_settings %}
{% data reusables.user-settings.security %}
1. Next to "Security keys", click **Add**.
1. Next to "Security keys," click **Add**.
![Screenshot of the "two-factor methods" section of the 2FA settings. A gray button labeled "Add" is outlined in orange.](/assets/images/help/2fa/add-security-keys-option.png)
1. Under "Security keys", click **Register new security key**.
1. Under "Security keys," click **Register new security key**.
1. Type a nickname for the security key, then click **Add**.
1. Following your security key's documentation, activate your security key.
1. Confirm that you've downloaded and can access your recovery codes. If you haven't already, or if you'd like to generate another set of codes, download your codes and save them in a safe place. For more information, see [AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication-recovery-methods#downloading-your-two-factor-authentication-recovery-codes).

14
content/authentication/securing-your-account-with-two-factor-authentication-2fa/recovering-your-account-if-you-lose-your-2fa-credentials.md
View File

@@ -34,17 +34,13 @@ Use one of your recovery codes to automatically regain entry into your account.
> [!NOTE]
> If you do not know your password, you can use a recovery code after requesting a new password. See [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/updating-your-github-access-credentials#requesting-a-new-password).
1. Under "Having problems?", click **Use a recovery code{% ifversion fpt or ghec %} or begin 2FA account recovery{% endif %}**.
1. Under "Having problems?," click **Use a recovery code{% ifversion fpt or ghec %} or begin 2FA account recovery{% endif %}**.
1. Type one of your recovery codes, then click **Verify**.
{% ifversion passkeys %}
## Authenticating with a passkey
If you have added a passkey to your account, you can use your passkey to automatically regain access to your account. Passkeys satisfy both password and 2FA requirements, so you don't need to know your password in order to recover your account. See [AUTOTITLE](/authentication/authenticating-with-a-passkey/about-passkeys).
{% endif %}
## Authenticating with a security key
If you configured two-factor authentication using a security key, you can use your security key as a secondary authentication method to automatically regain access to your account. For more information, see [AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication#configuring-two-factor-authentication-using-a-security-key).
@@ -72,11 +68,11 @@ You can use your two-factor authentication credentials or two-factor authenticat
> [!WARNING]
> {% data reusables.accounts.you-must-know-your-password %}
1. Under "Having problems?", click **Use a recovery code or begin 2FA account recovery**.
1. Under "Locked out?", click **Try 2FA account recovery, or unlink your account email address(es)**.
1. Under "Having problems?," click **Use a recovery code or begin 2FA account recovery**.
1. Under "Locked out?," click **Try 2FA account recovery, or unlink your account email address(es)**.
1. Click **I understand, get started** to request a reset of your authentication settings.
1. Click **Send one-time password** to send a one-time password to all eligible addresses associated with your account. Only verified emails are eligible for account recovery. If you've restricted password resets to your primary and/or backup addresses, these addresses are the only addresses eligible for account recovery.
1. Under "One-time password", type the temporary password from the recovery email {% data variables.product.prodname_dotcom %} sent, then click **Verify email address**.
1. Under "One-time password," type the temporary password from the recovery email {% data variables.product.prodname_dotcom %} sent, then click **Verify email address**.
1. {% data reusables.accounts.alternative-authentication %}
{% data reusables.accounts.alternative-authentication-note %}
1. {% data reusables.accounts.support-request-recovery %}
@@ -95,7 +91,7 @@ If you have lost access to your two-factor authentication credentials and your r
{% data reusables.accounts.request-password-reset-link %}
1. On {% data variables.product.prodname_dotcom %}, you will be prompted for your 2FA credentials. Under "Having problems?", click **Start a 2FA recovery request or unlink your account email address(es)**.
1. On {% data variables.product.prodname_dotcom %}, you will be prompted for your 2FA credentials. Under "Having problems?," click **Start a 2FA recovery request or unlink your account email address(es)**.
1. To complete your recovery request, you'll need to verify an alternative authentication factor.
{% data reusables.accounts.alternative-authentication %}
{% data reusables.accounts.alternative-authentication-note %}