GitHub abolishes password authentication when operating Git, authentication by token will be required in the future

GitHub has announced that it will abolish password authentication, which is one of the authentication methods for Git operation on the command line. In November 2020, the service abolished password authentication when using

REST API and shifted to token authentication such as two-step authentication, and this announcement expands the scope.

Token authentication requirements for Git operations --The GitHub Blog

In recent years, GitHub has been focusing on improving security functions based on tokens, such as two-step verification, sign-in alert, device authentication, and support for WebAuthn . Token is a stronger authentication method than password authentication, which has features such as 'unique to each user', 'can be reissued at any time', and 'easy to limit access range'.

What is the future of two-step authentication that replaces password authentication? --GIGAZINE

However, for historical reasons, GitHub explained that there are accounts that only use password authentication when operating Git. In light of these circumstances, GitHub has decided to abolish 'password authentication during Git operation' from August 13, 2021. The affected operations are:

-Command line Git access
-Desktop application using Git (

GitHub Desktop has no effect)
・ Apps and services that directly access the Git repository on GitHub using a password

In addition, if any of the following conditions are met, there is no effect of the abolition of password authentication this time.

・ Introducing two-step verification
・ SSH-based authentication
・ I am using GitHub Enterprise Server
・ I'm using GitHub Apps

Developers affected by the abolition of password authentication will need to switch to authentication using personal access tokens via HTTPS or SSH when operating Git, or enable stepwise authentication on GitHub for the entire account. In addition, the system integrator needs to incorporate OAuth etc. as an authentication function.

How does 'OAuth 2.0' used to give access authority on SNS etc. work? --GIGAZINE

In order to alleviate the confusion caused by the abolition of password authentication, GitHub plans to abolish password authentication on August 13, 2021 while performing 'temporary abolition' on the following schedule. All dates are in Japan time.

◆ Temporary abolition period
・ June 30, 2021 from 15:00 to 19:00
・ July 1, 2021 4:00
・ July 28, 2021 from 15:00 to 19:00
・ July 29, 2021 4:00

in Web Service,   Security, Posted by darkhorse_log