These features make it more difficult for an attacker to take a password that’s been reused across multiple websites and use it to try to gain access to your GitHub account. In recent years, GitHub customers have benefited from a number of security enhancements to, such as two-factor authentication, sign-in alerts, verified devices, preventing the use of compromised passwords, and WebAuthn support. We described our motivation as we announced similar changes to authenticating with the API as follows: The following customers remain unaffected by this change: Beginning August 13, 2021, we will no longer accept account passwords when authenticating Git operations on.
In July 2020, we announced our intent to require the use of token-based authentication (for example, a personal access, OAuth, or GitHub App installation token) for all authenticated Git operations.
