Two new features have been added to GitHub, the most popular software development platform in the world, to improve developer safety and efficiency. New features in GitHub’s public beta release include passkey authentication for password-free account access and a merge queue for automated branch management.
The two most common methods of account security are passwords and two-factor authentication (2FA). However, these approaches are not failsafe and can result in security holes in your accounts. In order to access your GitHub account, you no longer need a password or two-factor authentication if you use passkey authentication.
Passkeys are a more secure and trustworthy alternative to traditional passwords because they consist of a private-public key pair generated on a per-domain basis. In the words of GitHub’s staff product manager, Hirsch Sighal: “passkeys offer the strongest mix of security and reliability and make accounts significantly more secure without compromising account access, which remains an issue with other 2FA methods like SMS, TOTP, and existing single-device security keys.”
It is much more difficult for hackers to guess or phish a passkey than a traditional password. Users don’t have to remember anything, so they’re less likely to forget it and lose it. Instead, the devices do the identity verification for the user before sending them on to authenticate with the website.
A common problem for GitHub users is losing access to their accounts when their devices break or are replaced. Passkeys allow for cross-device syncing, and trustworthy passkey providers like iCloud, Dashlane, 1Password, Google, and Microsoft make this possible. These companies have set up safe methods for syncing passwords between devices and the cloud, making it impossible to lose access to your account.
With GitHub’s merge queue, multiple developers can make code commits at once, and the platform will automatically merge any pull requests that are compatible with the changes. If you have multiple pull requests in the queue, the merge queue will create a temporary branch that merges the most recent changes from the base branch with the changes from the other pull requests.
In the past, developers often went through a loop of updating their pull request branches before merging. This was essential to guarantee that merging their changes into the main code branch would not cause any issues. Each change required a new set of CI tests to be run before the developer could move forward with the merge. In addition, every developer had to start over if another pull request was merged.
The merging of code pull requests is orchestrated by merge queue to improve efficiency. Clicking “merge when ready” on the pull request page or via GitHub Mobile will add a pull request to the merge queue when it is destined for a branch that makes use of a merge queue.
When a user submits a pull request, the changes from the base branch, any other pull requests in the queue, and the user’s own pull request are all merged into a temporary branch within the queue. When a pull request reaches the front of the queue, it is automatically removed if it has merge conflicts or fails any required status checks. The user receives a notification at the same time. Once the problem has been fixed, the pull request can be resubmitted.
Instead of risking code conflicts and endless rework by merging directly onto a busy branch, GitHub provides a merge queue to handle these situations. Because of the merge queue, you won’t have to constantly run CI checks and update pull request branches. It helps to manage and streamline the development process by providing insights into the number of merged pull requests and tracking trends over the last 30 days.
In summary, passkey authentication and the merge queue are two major new features on GitHub that improve developer safety and efficiency. Passkeys provide easy-to-use and hard-to-lose passwordless and secure account access by doing away with the need for both passwords and two-factor authentication. A merge queue is a type of automated branch management system that helps to streamline the development process by systematically orchestrating the merging of code pull requests.
GitHub’s reputation as a trustworthy and user-friendly platform has been bolstered by these changes. GitHub has become a go-to for industry professionals thanks to its dedication to improving the user experience.
First reported on VentureBeat
Frequently Asked Questions
Q1: What are the new features added to GitHub in the public beta release?
GitHub has introduced two new features in its public beta release. The first feature is passkey authentication, which provides password-free account access through the use of private-public key pairs generated on a per-domain basis. The second feature is a merge queue, which automates branch management and allows multiple developers to make code commits simultaneously, merging compatible pull requests in a systematic manner.
Q2: How does passkey authentication work on GitHub?
Passkey authentication is a more secure alternative to traditional passwords and two-factor authentication (2FA). Instead of relying on passwords, passkeys consist of private-public key pairs generated on a per-domain basis. Passkeys are more difficult to guess or phish, making them a more secure option. Users don’t have to remember anything as the devices handle the identity verification before authenticating with the website. Passkeys also enable cross-device syncing, ensuring access to the GitHub account even when devices are replaced or broken.
Q3: What are the advantages of using passkey authentication on GitHub?
Passkey authentication offers a stronger mix of security and reliability compared to traditional 2FA methods like SMS and TOTP, as well as existing single-device security keys. It reduces the risk of compromised accounts while maintaining convenient account access. Passkeys are harder to guess or phish, and users are less likely to forget or lose them. Additionally, passkey providers like iCloud, Dashlane, 1Password, Google, and Microsoft offer safe methods for syncing passwords between devices and the cloud, ensuring users don’t lose access to their accounts.
Q4: How does the merge queue feature work on GitHub?
The merge queue feature in GitHub allows multiple developers to make code commits simultaneously, and the platform automatically merges pull requests that are compatible with the changes. When multiple pull requests are in the queue, the merge queue creates a temporary branch that combines the most recent changes from the base branch with the changes from the other pull requests. This automated process helps streamline the development workflow by reducing the need for manual updating of pull request branches and running CI tests for each change.
Q5: What issues does the merge queue on GitHub address?
The merge queue on GitHub addresses the challenges developers face when updating pull request branches and ensuring compatibility with the main code branch. Previously, developers had to go through a loop of updating their pull request branches and running CI tests to avoid potential conflicts. If another pull request was merged, developers had to start over. The merge queue eliminates these issues by managing the merging of pull requests in a systematic manner, reducing the risk of code conflicts and streamlining the development process.
Q6: How do passkey authentication and the merge queue improve developer safety and efficiency on GitHub?
Passkey authentication enhances developer safety by providing a more secure and reliable account access method. It eliminates the vulnerabilities associated with traditional passwords and certain 2FA methods. The merge queue improves efficiency by automating branch management, allowing multiple developers to work simultaneously, and systematically merging pull requests. It reduces the need for manual branch updates and CI tests, making the development process more streamlined and productive.
Q7: How do these new features contribute to GitHub’s reputation and user experience?
These new features contribute to GitHub’s reputation as a trustworthy and user-friendly platform. By introducing passkey authentication, GitHub addresses security concerns and offers an easy-to-use and hard-to-lose passwordless access method. The merge queue feature enhances the development experience by simplifying branch management and providing insights into merged pull requests. GitHub’s dedication to improving user experience and introducing innovative features has solidified its position as the most popular software development platform in the world.
Featured Image Credit: Unsplash