Basic authentication using a password to the API #24335
-
Hi, Once a week I receive this email from github -> Hi @YannBerry, On November 10th, 2020 at 10:37 (UTC) you used a password to access an endpoint through the GitHub API using curl: https://api.github.com/user/orgs Basic authentication using a password to the API is deprecated and will soon no longer work. Visit https://developer.github.com/changes/2020-02-14-deprecating-password-auth/ for more information around suggested workarounds and removal dates. Thanks, As far as I’m concerned I don’t use the API. Why do I receive this email ? What should I do ? Thanks ! |
Beta Was this translation helpful? Give feedback.
Replies: 5 comments
-
I got that email just today. Assume it is phishing? |
Beta Was this translation helpful? Give feedback.
-
I still don’t know. Please tell me if you find a solution :slight_smile: |
Beta Was this translation helpful? Give feedback.
-
@YannBerry, @saya7852 The email looks valid (and similar to other users I have seen asking about, it is not asking you to click on any suspicious links. You should switch to using personal access token, further details here docs.github.comCreating a personal access token - GitHub DocsYou mention “As far as I’m concerned I don’t use the API. Why do I receive this email ? What should I do ?” Yuu can change your password under account settings https://github.com/settings/security You could also review https://github.com/settings/applications for installed GitHub Apps / Authorized GitHub Apps / Authorized OAuth Apps, and clean up anything not needed/trusted. You can also review/monitor your accounts Security log for auditable actions you have not performed github.comBuild software better, togetherGitHub is where people build software. More than 50 million people use GitHub to discover, fork, and contribute to over 100 million projects.
such as |
Beta Was this translation helpful? Give feedback.
-
Thanks for your detailed explanation @byrneh! Suppose nne should not ALWAYS assume anything with a hyperlink as phishing 😅 |
Beta Was this translation helpful? Give feedback.
-
byrneh:
@byrneh Thank you for your detailed answer :slight_smile: |
Beta Was this translation helpful? Give feedback.
@YannBerry, @saya7852
The link to 2020-02-14-deprecating-password-auth is a valid GitHub change notification.
The email looks valid (and similar to other users I have seen asking about, it is not asking you to click on any suspicious links.
You should switch to using personal access token, further details here
docs.github.com
Creating a personal access token - GitHub Docs
//docs.github.com/en/free-pro-team@latest/github/authenticating-to-github/creating-a-personal-access-token
You mention “As far as I’m concerned I don’t use the API. Why do I receive this email ? What should I do ?”
If that is the case I would change my password immediately (and enable 2FA on my account if not alread…