As of August 2021, Github has removed support for using your account password from the Git command line. You can still use HTTPS, but you will need to set up a Personal Access Token to use instead of your password.

What Are Personal Access Tokens?

Github still chooses to recommend easier-to-use HTTPS endpoints for accessing repos, but their password based security is a major downside. This is why, if you’ve tried to push or pull code using your account password recently, you may have received the following error:

Git’s command line is a bit misleading here, because it does ask for your “password,” but Git wants you to use something called a Personal Access Token (PAT). This works a lot like a secondary password, except it’s unique, more secure, and can be given more specific permissions that let you grant access to your account safely.

You use PATs exactly like passwords—instead of typing in your account password for git, you’ll enter the PAT. You can also choose to cache the token forever, so you don’t have to enter it in all the time. This token can also be used to access the Github API, but that isn’t necessary for most people’s usage.

You can also switch to SSH based authentication, which works pretty similarly to access tokens, except they’re tied to your machine and not transmitted anywhere. Still, PATs are easy to set up and use, and do have more flexible permissions than SSH keys.

RELATED: How To Switch a Github Repository to SSH Authentication

Making a New Personal Access Token

Setting up a PAT will require you to make a new one from Github’s settings, and swap your local repositories over to using them. Head over to your personal account settings to generate a new token. Scroll down to “Developer Settings.” Select “Personal Access Tokens,” and generate a new one:

You’ll need to verify your actual account password. Give the token a name, and select an expiration date. You probably want to change it from the default of 30 days, though Github will show a warning if you select “No Expiration.” It’s not terrible to have a permanent token, but you should likely be changing passwords and tokens at least every 6 months.

Finally, you can choose which scopes this token has. This allows you to allow or disallow certain actions. If you just want to use git from the command line with your repositories, you probably only care about the “repo” scope, which gives control over your repositories.

You’ll get a token like the following, that can be used in place of your password:

Switching To Personal Access Tokens

If your account password isn’t cached, you can simply enter in the new token, and it should work. If your cache is stale though, you will need to reset it.

On Windows, if you’re using native Git (not through WSL), you will need to open up “Manage Windows Credentials” from Control Panel or the Start Menu, and edit or add the password to git:https://github.com.

On macOS, it’s accessible through the Keychain Access app. Search for “github.com,” find the “internet password” entry for your Git account, and change the key.

For Linux or WSL, you’ll need to unset the cache, either locally (for a single repo), or globally:

Then, you can push or pull from your repo normally, and it will have you enter the new PAT if it’s not yet cached. You can cache this token for longer, either by editing the cache timeout in the credential helper:

Or by configuring it to store the credentials permanently in ~/.github-credentials:

Note that if you previously had this cache turned on, you may need to delete the line with the old cached credentials in the ~/.github-credentials file.