Authentication with access tokens and git bash

I got an e-mail message that says:

Basic authentication using a password to Git is deprecated and will soon no longer work.

First, I don’t know how to respond to this. Do I want to create a personal access token? Do I want two-factor authentication?

Second, what are the implications of doing something?

Third, I primarily use git bash to update my repositories. If I pick one of these, will I have to change how I use bash? Can it handle two-factor authentication or PATs? How?

Where is the documentation for using bash under this new authorization scheme?

I’d like to make an intelligent decision for this. Does anyone have advice on that?

Thanks!

These are independent: A PAT is for Git over HTTPS or API authentication. 2FA is for login on the GitHub website.

You only need to use the PAT where you currently your password. Best use a password manager to store it, and maybe see Caching credentials. The alternative is to use SSH (which would require you to update the repository remote URLs).

1 Like

Thank you for your reply.

I’m not clear about your second answer. When I use bash to update the repository on the GItHub server, it asks for a password in a window. If I set up a PAT, can I use that where it asks for the password? I don’t understand the process for using this new authentication with git bash.

And when you say using SSH would require me to update the repository remote URLs, how would I actually change that? When I look at my repositories, they all have https:// prefixes for their URLs. Do you mean that I’d have to use a different setting on bash?

I don’t like the options for two-factor authentication because they both require the use of a phone. Organizations should not require anyone to use a cell phone to access their Web-based services.

That should work, yes.

With git remote set-url. On GitHub you can find the right URL for each available protocol behind the green “Code” button on the repository page.

You don’t really need a phone, you can use a TOTP-capable application on your computer, e.g. KeePassXC. Of course having password and TOTP code on the same device somewhat reduces the security benefit of the second factor.

Thank you for your response. I was interrupted by a different project, but I can use this advice.

Thanks!

Rich Wingerter

1 Like