Open in app

Sign in

Write

Sign in

Transitioning from Password Authentication to Personal Access Tokens on GitHub

Matúš Seidl
CodeX
Published in
3 min readJul 5, 2024

On August 13, 2021, GitHub took a significant step to enhance the security of its platform by removing support for password authentication. This change requires users to adopt more secure authentication methods such as personal access tokens (PATs), SSH keys, or OAuth. If you’re still using your account password for API operations or git activities, it’s time to make the switch. In this blog post, I’ll guide you through the process of generating and using a personal access token (PAT) with GitHub.

Why the Change?

Passwords, while convenient, pose security risks, especially when used across multiple sites or when not managed securely. Personal access tokens provide a more secure alternative. They can be limited to specific scopes or permissions, reducing the risk in case the token is compromised.

Generating a Personal Access Token (PAT)

Follow these steps to generate your PAT:

1. Sign in to GitHub

Head over to GitHub and log in to your account.

2. Navigate to Settings

Click on your profile picture in the upper-right corner and select “Settings.”

3. Go to Developer Settings

On the left sidebar, scroll down and click on “Developer settings.”

4. Access Personal Access Tokens

Click on “Personal access tokens” and then “Generate new token.”

5. Select Scopes and Permissions

Choose the scopes or permissions you want to grant this token. For example, you might want to select “repo” for full control of private repositories.

6. Generate and Secure the Token

Click “Generate token.” Be sure to copy the token and store it securely. You won’t be able to see it again.

Using the Personal Access Token

Now that you have your PAT, you can use it in place of your password for GitHub operations. Here’s how:

When Cloning a Repository

git clone https://github.com/username/repo.git
Username: your_username
Password: your_personal_access_token

For Push and Pull Operations

You can perform git operations like push and pull using your PAT in place of your password.

git push origin main
Username: your_username
Password: your_personal_access_tokens

A More Secure Alternative: SSH Keys

For those who frequently interact with GitHub, using SSH keys can provide an even more secure and convenient method of authentication. Here’s a quick overview of setting up SSH keys:

1. Generate an SSH Key Pair

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

2. Add the SSH Key to the SSH Agent

eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_rsa

3. Add the SSH Key to Your GitHub Account

Copy the contents of your SSH public key:

cat ~/.ssh/id_rsa.pub

Then, go to GitHub, navigate to Settings > SSH and GPG keys > New SSH key, and paste the key.

By transitioning to personal access tokens or SSH keys, you not only comply with GitHub’s updated security protocols but also significantly enhance the security of your interactions with the platform.

Feel free to share your experiences or ask any questions in the comments below. Happy coding!

If you found this post helpful, please click the clap 👏 button and follow me for more tech tips and tutorials!

Github
Freelancers
Software Development
Blogging
Developer

--

--

Matúš Seidl
CodeX

Written by Matúš Seidl

19 Followers
Writer for

During my free time, I write blog posts, not code.

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams