Github Changes Authentication Policy
WTF Github, I ended up writing this whole blog post again. ugh.
It all started with an email github sent titled “Deprecation Notice”.
Apparently, last month Github thought of deprecating the password based authentication for it’s repositories. They switched to either of the two methods instead:
Now this came as a shocker, even though the deadline is August 13, 2021. Although they have published it on their blog, not many people have come to know about it, atleast none of my friends. So more the need to bring it out to notice.
Now, why are we using an SSH/PAT based approach exactly? I mean, it was fine while we were using the usual password based authentication. Well, as we know, tokens have been used everywhere. Be it a django app, or a password reset form which I am pretty sure everyone reading this has filled, atleast twice.
and if not, then wow, you have either a very good memory, or you need to update your passwords!
Coming back to PAT. The reasons it is preffered are:
- Unique – tokens are specific to GitHub and can be generated per use or per device.
- Revocable – tokens can can be individually revoked at any time without needing to update unaffected credentials.
- Limited – tokens can be narrowly scoped to allow only the access necessary for the use case.
- Random – tokens are not subject to the types of dictionary or brute force attempts that simpler passwords that you need to remember or enter regularly might be.
This is a 3 part blog, where I will be showing you what the changes are, and how to enable SSH based auth and create Personal Authentication Tokens.
Feel free to contact me over twitter