GitHub deprecates account passwords for authenticating Git operations

Good; but this raises the question of, considering how many times static password have been uploaded to Github, how good developers are at protecting ssh keys…:

[…] “Starting on August 13, 2021, at 09:00 PST, we will no longer accept account passwords when authenticating Git operations on,” the company said.

“Instead, token-based authentication (for example, personal access, OAuth, SSH Key, or GitHub App installation token) will be required for all authenticated Git operations.”

If you’re still using a username and password to authenticate Git operations, you should take the following steps to avoid disruption when the new requirements are enacted tomorrow:

  1. For developers, if you are using a password to authenticate Git operations with today, you must begin using a personal access token over HTTPS (recommended) or SSH key by August 13, 2021, to avoid disruption. If you receive a warning that you are using an outdated third-party integration, you should update your client to the latest version.
  2. For integrators, you must authenticate integrations using the web or device authorization flows by August 13, 2021, to avoid disruption. For more information, see Authorizing OAuth Apps and the announcement on the developer blog.


Original Article