Security News > 2021 > August > GitHub deprecates account passwords for authenticating Git operations
GitHub has announced today that account passwords will no longer be accepted for authenticating Git operations starting tomorrow.
"Starting on August 13, 2021, at 09:00 PST, we will no longer accept account passwords when authenticating Git operations on GitHub.com," the company said.
For developers, if you are using a password to authenticate Git operations with GitHub.com today, you must begin using a personal access token over HTTPS or SSH key by August 13, 2021, to avoid disruption.
If you want to ensure that you're no longer using password-based authentication, you can enable two-factor authentication, which requires OAuth or personal access tokens for all authenticated operations via Git and third-party integrations.
The enforced token-based authentication for authenticating Git operations increases GitHub accounts' resilience against takeover attempts by preventing attackers from using stolen credentials or reused passwords to hijack accounts.
In May, GitHub also added support for securing SSH Git operations using FIDO2 security keys for added protection from takeover attempts.