GitHub on Thursday announced that it will deprecate password-based authentication for Git operations on its platform.

Instead, users should use token-based or SSH-based authentication. This better protects user accounts against hackers, who may use reused passwords to hijack accounts.

Ditching Password System For Good

GitHub, the popular version control system, has just announced that it will deprecate traditional password-based authentication for all Git operations on its platform.

Instead, it now asks users to authenticate their Git operations through token-based authentication, such as a personal access token, OAuth token, SSH key, or GitHub App installation token.

Starting August 13, if you're a developer who uses a password to authenticate Git operations on the platform, you should switch to using a personal access token over HTTPS (recommended) or an SSH key.

Also update your client to the latest version if you see a warning saying that you're using an outdated third-party integration.

Integrators, on the other hand, should authenticate their integrations using the web or device authorization flows to avoid disruption. Learn more in Authorizing OAuth Apps and in the announcements on the developer blog.

If you're using two-factor authentication, you should not be affected by this change. GitHub supports using OAuth or personal access tokens for all authenticated operations via Git and third-party integrations.

The platform earlier added support for securing SSH Git operations with FIDO2 keys, along with other security measures such as WebAuthn, verified devices, and sign-in alerts.

Removing password-based authentication, as announced today, prevents attackers from hijacking accounts through stolen credentials or reused passwords.

Users often use weak or identical passwords across various online accounts, putting them at risk of account takeover.

