Deprecating password access?

I received this email:

On September 20th, 2020 at 10:57 (UTC) you used a password to access an endpoint through the GitHub API using curl:

Basic authentication using a password to the API is deprecated and will soon no longer work. Visit for more information around suggested workarounds and removal dates.

The GitHub Team
I have no idea what this means. I’m pretty sure I don’t have enough knowledge to have set something like this up in the first place, so I have no idea how to fix it. The extent of my knowledge is having built several WordPress websites several years ago.

It looks like someone or something (maybe an old app) used your GitHub credentials to access an endpoint through the GitHub API using curl:

curl -u your_user:your_password

I recommend:

  • checking your Security log and make sure that your account was not compromised.
  • You should also revoke Sessions that you do not recognize.
  • You should also revoke Applications that you do not use or recognize.
  • request a new password.

Thank you so much for the response. I followed your suggestions. I have no Sessions other than my current one, no installed or authorized Applications other than the GitHub Support Community. The Security log shows 12 failed log-in attempts over the past 3 days. I have requested a new password.
Given that I don’t know what the initial email addressed, I assume I am safe to ignore it in light of the other steps i’ve taken now?

Yes, once you have reset your password, It is safe to ignore that email.

If you want to add extra security, you can also choose among multiple options to add a second source of authentication (2FA) to your account.

You can configure two-factor authentication using a mobile app or via text message. You can also add a security key.

I strongly recommend using authy a time-based one-time password (TOTP) application to configure 2FA.

TOTP applications are more reliable than SMS. TOTP apps support the secure backup of your authentication codes in the cloud and can be restored if you lost access to your device.

1 Like