Token authentication requirements for managing organisations in github?

OK, so I’ve been notified of the fact that password-based access to Git is ending:

but what’s happening regarding managing organisations and members’ access rights, etc.? Currently if I want to change stuff in the github organisations I own, Github prompts me for a password.

What’s going to happen in future?

This doesn’t seem to be covered by any of the details on how to set up personal access tokens, because e.g. this page:

https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token

doesn’t talk about managing stuff in Github via the browser, it appears to be just about Github access via the command line.

Thanks
Louise

The language used in these blog posts is a little confusing. A “Git operation” refers to an activity performed against github.com as a git server and not an activity performed on the website. For example, git push is an authenticated Git operation: today you can git push to github.com with a GitHub username and password but from August 2021 you will need to use a username and token.

The GitHub website already takes advantage of improved security because GitHub control it end to end, so the changes described in these blog posts will not impact the GitHub website, only the git server and the GitHub API. Hopefully future announcements from GitHub will mention this nuance :slight_smile:

So in summary, this does not have any impact on managing repository access rights etc. – you will continue to use your password as-is.

2 Likes

Great! Thanks very much for a comprehensive and comprehensible answer.

Louise