Could it be that your token has expired? AFAIK the “Support for password authentication was removed” message appears on any login failure over HTTPS.

The token was maybe 90 days or so old… is that how long it lives? The error message should suggest that as a possibility, and remind the user where to refresh it!

It’s one of the options you’re offered when generating the token, the default seems to be 30 days. I don’t know which option you chose when you generated the token. 🙂

You can create a token that doesn’t expired (you can still revoke it). Of course a non-expiring token is more convenient, but also someone who can steal it can do damage for longer if you don’t notice and revoke the token. You’ll have to find the balance between convenience and security that fits your needs.

I think I generated the token in June, but I don’t remember if I selected a lifetime. Is there some place that will tell me that the PAT is indeed expired? Do I just repeat the process that created one in the first place, to create another, or do I have to do something to revoke the old one first (especially if it has not quite yet expired)? If I know how long the PAT is good for, I could make a note to change it on a specific date.

It just keeps getting stranger and stranger. The PAT is listed as NOT expired. I then looked over the string (PAT) I was trying, and counted the characters, and it was one longer than my notes said it should be! I don’t know how it picked up an extra character, but that would certainly be the wrong token value. It’s unfortunate that the “password” input line doesn’t echo the token value, or I would have seen this a lot earlier.

Anyway, thank you for taking the time to work with me on this; hopefully the problem is fully resolved. The information given here might be of use to others – I will try to close it, but hopefully it will stick around for reference.