GitHub abolishes password authentication when operating Git, token authentication will be required from now on



GitHub has announced that it will abolish password authentication, one of the authentication methods when operating Git on the command line. In November 2020, the service abolished password authentication when using

REST API and moved to token authentication such as two-step authentication, and this announcement expands its scope.

Token authentication requirements for Git operations - The GitHub Blog
https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/

In recent years, GitHub has been focusing on improving token-based security functions, such as two-factor authentication, sign-in alerts, device authentication, and support for WebAuthn . Tokens are a stronger authentication method than password authentication because they are unique for each user, can be reissued at any time, and can easily limit access.

What is the future of two-step authentication that replaces password authentication? -GIGAZINE



However, GitHub explains that for historical reasons, there are accounts that only use password authentication when operating Git. In light of this situation, GitHub has decided to abolish 'password authentication during Git operations' from August 13, 2021. The operations affected are:

・Git access via command line
・Desktop applications that use Git (

GitHub Desktop is not affected)
・Apps and services that directly access Git repositories on GitHub using passwords

Additionally, if any of the following conditions apply, there will be no impact from this discontinuation of password authentication.

・Introduced two-step authentication
- Performs SSH-based authentication
・Using GitHub Enterprise Server
・Using GitHub Apps

Developers affected by the deprecation of password authentication will need to switch to authentication using personal access tokens through HTTPS or SSH when working with Git, or enable GitHub two-factor authentication for their entire account. Additionally, system integrators must incorporate OAuth as an authentication function.

How does 'OAuth 2.0' used to grant access privileges on SNS etc. work? -GIGAZINE



In order to alleviate the confusion caused by the abolition of password authentication, GitHub plans to abolish password authentication on August 13, 2021, while implementing a 'temporary abolition' on the following dates. Please note that all dates are in Japan time.

◆Temporary discontinuation period
・June 30, 2021 15:00-19:00
・July 1, 2021 1-4 p.m.
・July 28, 2021 15:00-19:00
・July 29, 2021 1-4 p.m.

Related Posts:

in Web Service,   Security, Posted by darkhorse_log