Why Personal Access Token? How to generate it in Github ?

👤 Diwas Poudel    🕒 Oct 14 2021    📁 Fix    📜 0 comment

If you are using GitHub and try to perform git operations like cloning, pushing, etc you might be getting error like errors like "Support for password authentication was removed. Please use a personal access token" while performing the action. This error is because Github from August 13, 2021, no longer accepts Password-based authentication. Github provides a more secure alternative to it and ie. PATs(Personal Access Tokens). And this may frustrate you at first. But do not worry I will explain to you why this new authentication technique is used. What is the process to resolve it?

fig. Personal Access Token 


PATs stands for Personal Authentication Tokens. It is a long string of characters that are not human-readable and are used for authenticating a  user when accessing resource server(Github) instead of old user password-based authentication.

Advantage of Using PAT over password authentication

Some of the common advantages of PAT are:

1 Performance: The authentication Process is fast from Github because tokens are just simple hash which is more efficient than heavy encryption/unencrypted used in password-based authentication. so Performance and CPU resources are saved.

2 Unique: Tokens are Github-specific and can be generated per use or per device.

3 Revokable: Tokens can revoke access to each one at any time.

4 Secure: Tokens are random strings of characters that cannot be attacked by brute force attacks which were possible in Password-based authentication. So, token-based is less hackable than a password.

5 Quantity: In PATs, any number of access tokens can be created. But only one user and password can be created.

So nowadays GitHub suggest using Token or (SSH key) for git authentication 

Note that: PAT only works with HTTPS, not for SSH authentication.

How to Generate Personal Access Token (PATs)?

You don't have token auto-generated by Github.You have to generate it.

These are the step for generating tokens in Github.

1 . log in to your GitHub account

2.  Click on the profile icon located at the top right corner.

3.  Select "Settings" from the dropdown.

4. On the right side, click on "Developer settings".

5. Next click on "Personal access tokens".

6. Click on "Generate new token"

7. Under the notes field, give the name for the token.

8. Change the Expiration day of the token. By default, the token will be valid for 1 year.

9. Next select the scope you want.

You can create full control over what the user can do to the repository with this token. Here, I am giving full control over the private repository by checking on the repo. Now you can also call git operation from the command line.

10. Click on the "Generate token" button

This will generate a random token as shown below.

11. Copy that token.

Do not forget to copy that token and keep it safe because it cannot be accessible later on from Github. If you lost then you can regenerate a new one.

12. Then you can use that token to authenticate the user with a remote server.