GitHub has introduced at the moment that account passwords will now not be accepted for authenticating Git operations beginning tomorrow.
This modification was first announced last year, in July, when GitHub stated that authenticated Git operations would require utilizing an SSH key or token-based authentication.
GitHub additionally deprecated password-based authentication for authenticating by way of the REST API starting with November 13, 2020.
“Beginning on August 13, 2021, at 09:00 PST, we’ll now not settle for account passwords when authenticating Git operations on GitHub.com,” the corporate said.
“As an alternative, token-based authentication (for instance, private entry, OAuth, SSH Key, or GitHub App set up token) can be required for all authenticated Git operations.”
In the event you’re nonetheless utilizing a username and password to authenticate Git operations, it is best to take the next steps to keep away from disruption when the brand new necessities are enacted tomorrow:
- For builders, in case you are utilizing a password to authenticate Git operations with GitHub.com at the moment, you need to start utilizing a personal access token over HTTPS (really useful) or SSH key by August 13, 2021, to keep away from disruption. In the event you obtain a warning that you’re utilizing an outdated third-party integration, it is best to replace your shopper to the newest model.
- For integrators, you need to authenticate integrations utilizing the net or device authorization flows by August 13, 2021, to keep away from disruption. For extra info, see Authorizing OAuth Apps and the announcement on the developer blog.
If you wish to make sure that you are now not utilizing password-based authentication, you’ll be able to enable two-factor authentication, which requires OAuth or private entry tokens for all authenticated operations by way of Git and third-party integrations.
If you have already got two-factor authentication enabled to your GitHub account, you’ll not be affected by this authentication change in any approach since you are already utilizing token- or SSH-based authentication.
The enforced token-based authentication for authenticating Git operations will increase GitHub accounts’ resilience in opposition to takeover makes an attempt by stopping attackers from utilizing stolen credentials or reused passwords to hijack accounts.
In Could, GitHub additionally added help for securing SSH Git operations using FIDO2 security keys for added safety from takeover makes an attempt.