As of August 2021, Github has removed support for using your account password from the Git command line. You can still use HTTPS, but you will need to set up a Personal Access Token to use instead of your password.
What Are Personal Access Tokens?
Github still chooses to recommend easier-to-use HTTPS endpoints for accessing repos, but their password based security is a major downside. This is why, if you’ve tried to push or pull code using your account password recently, you may have received the following error:
remote: Support for password authentication was removed on August 13, 2021. Please use a personal access token instead.
Git’s command line is a bit misleading here, because it does ask for your “password,” but Git wants you to use something called a Personal Access Token (PAT). This works a lot like a secondary password, except it’s unique, more secure, and can be given more specific permissions that let you grant access to your account safely.
You use PATs exactly like passwords—instead of typing in your account password for
git, you’ll enter the PAT. You can also choose to cache the token forever, so you don’t have to enter it in all the time. This token can also be used to access the Github API, but that isn’t necessary for most people’s usage.
You can also switch to SSH based authentication, which works pretty similarly to access tokens, except they’re tied to your machine and not transmitted anywhere. Still, PATs are easy to set up and use, and do have more flexible permissions than SSH keys.
Making a New Personal Access Token
Setting up a PAT will require you to make a new one from Github’s settings, and swap your local repositories over to using them. Head over to your personal account settings to generate a new token. Scroll down to “Developer Settings.” Select “Personal Access Tokens,” and generate a new one:
You’ll need to verify your actual account password. Give the token a name, and select an expiration date. You probably want to change it from the default of 30 days, though Github will show a warning if you select “No Expiration.” It’s not terrible to have a permanent token, but you should likely be changing passwords and tokens at least every 6 months.
Finally, you can choose which scopes this token has. This allows you to allow or disallow certain actions. If you just want to use
git from the command line with your repositories, you probably only care about the “repo” scope, which gives control over your repositories.
You’ll get a token like the following, that can be used in place of your password:
Switching To Personal Access Tokens
If your account password isn’t cached, you can simply enter in the new token, and it should work. If your cache is stale though, you will need to reset it.
On Windows, if you’re using native Git (not through WSL), you will need to open up “Manage Windows Credentials” from Control Panel or the Start Menu, and edit or add the password to
On macOS, it’s accessible through the Keychain Access app. Search for “github.com,” find the “internet password” entry for your Git account, and change the key.
For Linux or WSL, you’ll need to unset the cache, either locally (for a single repo), or globally:
git config --local --unset credential.helper git config --global --unset credential.helper
Then, you can push or pull from your repo normally, and it will have you enter the new PAT if it’s not yet cached. You can cache this token for longer, either by editing the cache timeout in the credential helper:
git config --global credential.helper "cache --timeout=86400"
Or by configuring it to store the credentials permanently in
git config credential.helper store
Note that if you previously had this cache turned on, you may need to delete the line with the old cached credentials in the