Github tries to force users to use HTTP access tokens instead of user/password. As nobody can remember the token it will end up at clear text on the computer for any malware to pick up.
SSH seems to be a wiser choice as the private key can be password protected.
But as long as user can log into the GitHub web frontend security is not improved at all.
So the whole change seems to be superfluous.