GitHub Kisses Passwords Goodbye – InApps Technology 2025

Main Contents:

GitHub Kisses Passwords Goodbye – InApps Technology is an article under the topic Software Development Many of you are most interested in today !! Today, let’s InApps.net learn GitHub Kisses Passwords Goodbye – InApps Technology in today’s post !

Key Summary

This article from InApps.net discusses GitHub’s decision to eliminate password-based authentication for Git operations, effective August 13, 2021, to enhance security. Key points include:

Password Phase-Out: GitHub no longer accepts account passwords for Git operations due to their inadequate security, requiring stronger authentication methods.
Two-Factor Authentication (2FA) Requirement: Users must enable 2FA, using options like:
- Personal access tokens or SSH keys for developers.
- OAuth or GitHub App installation tokens for integrators.
2FA Options:
- Preferred methods include time-based one-time passwords (TOTPs) via authenticator apps or WebAuthn-compatible security keys (e.g., YubiKeys).
- SMS-based 2FA is discouraged due to vulnerabilities like SIM swapping, phishing, and SS7 network issues.
YubiKey Support: GitHub promotes YubiKeys for secure authentication and commit verification (via GPG keys), offering branded YubiKey 5 NFC and 5C NFC keys ($45–$55). Guides and videos are provided for setup.
Context and Reaction: Announced eight months prior, the change sparked user complaints, but the article emphasizes its necessity to block attacks. Enabling 2FA significantly enhances account security.
Broader Trend: GitHub’s move aligns with its parent company Microsoft’s push to eliminate passwords, reflecting industry-wide efforts to address password-related security risks.

Read more about GitHub Kisses Passwords Goodbye – InApps Technology at Wikipedia

You can find content about GitHub Kisses Passwords Goodbye – InApps Technology from the Wikipedia website

We’ve all known for ages now that passwords don’t provide good enough security. That, however, hasn’t stopped us from still relying on passwords for security. They’re the lowest common security denominator. The top developer site GitHub has had enough second-rate security. So, as of Aug. 13, GitHub blocked the use of account passwords when authenticating Git operations.

Instead, Git now requires you to use two-factor authentication (2FA) factors to use its core Git services. These factors can include personal access tokens; SSH keys, for developers; or OAuth or GitHub App installation tokens for integrators.

People aren’t happy about this. To them, I can only say, “Get over it.”

It’s not like GitHub sprang this as a surprise on us. GitHub warned this was coming eight months ago. I quote: “Beginning Aug. 13, 2021, we will no longer accept account passwords when authenticating Git operations on GitHub.com.”

People being people, however, there’s still a lot of grumbling. Seriously, it’s not that hard.

First, enable 2FA for your GitHub account. Just by doing this alone, you’ll block a wide range of attacks.

2FA works by requiring you to have two out of three kinds of credentials to access an account. These are:

Something you know or can be given. Commonly this is a one-time PIN.
Something you have, such as a secure ID card, a cellular phone, or a hardware security key.
Something you are, these are biometric factors such as a fingerprint, retinal scan, or voice print.

GitHub gives you numerous options for using 2FA. These include:

While texting is available, GitHub strongly recommends you use security keys or TOTPs instead. That’s because there are way too many ways to break text-based 2FA. These include SIM swapping, text-spoofing, phishing, and security holes in the SS7 network, which telecoms use to manage calls and texts between phone numbers.

GitHub is fondest of the emerging WebAuthn secure authentication standard. It’s used, to one extent or the other, in all the modern 2FA methods except for SMS.

The company also favors the use of YubiKeys. I like YubiKeys myself. After securing your account with one, there’s much more you can do with them. For example, you can digitally sign your git commits using a GPG key stored on your security key. GitHub provides a detailed guide for setting up your YubiKey with GitHub for commit verification and for SSH-based authentication. GitHub has also partnered with Yubico to create a step-by-step video guide to help you enable your security key for SSH keys and commit verification.

Last, but not least, GitHub is offering branded YubiKey 5 NFC and YubiKey 5C NFC keys for sale. They’re not cheap, ranging in price from $45 to $55 but they last for years and make securing logging in not just to GitHub but all your other secured sites and services easy as well.

Moreover, GitHub isn’t the only company that wants you to give up passwords. Its parent company Microsoft wants to see the end of passwords sooner rather than later. As Alex Simons, Microsoft Identity Program Management’s Corporate VP said we’ve “been working hard this year in making passwords a thing of the past.”

Considering the endless security problems that can be traced back to passwords that day can’t come soon enough.

Feature Image par Alexander Lesnitsky de Pixabay.

Source: InApps.net

Rate this post

Phu Nguyen

As a Senior Tech Enthusiast, I bring a decade of experience to the realm of tech writing, blending deep industry knowledge with a passion for storytelling. With expertise in software development to emerging tech trends like AI and IoT—my articles not only inform but also inspire. My journey in tech writing has been marked by a commitment to accuracy, clarity, and engaging storytelling, making me a trusted voice in the tech community.