Brownout Notice: API Authentication via Query Parameters, and the OAuth Applications API for 12 hours
Brownout Notice: API Authentication via Query Parameters, and the OAuth Applications API for 12 hours
GitHub Blog Search
Search Results for: Authentication
Sunsetting API Authentication via Query Parameters, and the OAuth Applications API
Sunsetting API Authentication via Query Parameters, and the OAuth Applications API
Behind GitHub’s new authentication token formats
We're excited to share a deep dive into how our new authentication token formats are built and how these improvements are keeping your tokens more secure. As we continue to…
Authentication token format updates are generally available
Authentication token format updates are generally available
Token authentication requirements for Git operations
In July 2020, we announced our intent to require the use of token-based authentication (for example, a personal access, OAuth, or GitHub App installation token) for all authenticated Git operations.…
Token authentication requirements for API and Git operations
As previously announced, beginning November 13th, 2020, we will no longer accept account passwords when authenticating with the REST API and will require the use of token-based authentication (e.g., a…
Git Credential Manager Core: Building a universal authentication experience
Authentication is a critical component to your daily development. When working in open source, you need to prove that you have rights to update a branch with git push. Additionally…
Web Authentication (WebAuthn) security keys
GitHub now supports the WebAuthn standard for authentication. A broad array of security keys can be used across most major browsers (Apple will add support in Fall 2019). The following…
GitHub supports Web Authentication (WebAuthn) for security keys
The WebAuthn standard for security keys is making authentication as easy as possible. Now you can use security keys for second-factor authentication on GitHub with many more browsers and devices.
SSH certificate authentication for GitHub Enterprise Cloud
GitHub Enterprise accounts can now use their own SSH certificate authority to issue SSH certificates to organization members that grant access to organization-owned repositories via Git. SSH certificate authorities can…
SSH certificate authentication for GitHub Enterprise Cloud
Enterprise and organization admins can now register their SSH certificate authorities with GitHub, helping their team access repositories over Git using SSH certificates.
Password-based HTTP basic authentication deprecation and removal
You can no longer use password-based HTTP basic authentication for the few endpoints on GitHub.com that previously supported it. The affected endpoints include Atom feeds, a legacy repository archive endpoint,…
GitHub supports Universal 2nd Factor authentication
May 5, 2021 update: The limited edition U2F Security Keys described in this post are no longer available. To help users better secure their accounts, we are expanding GitHub's authentication…
Recent activity for authentication credentials
In addition to seeing your browser session activity, you can now view activity for your SSH keys and OAuth tokens as well. SSH key activity Find the most recent activity…
Two-factor Authentication
Today we're adding two-factor authentication to GitHub. When you enable this feature, it adds an additional layer of security to your account. When logging in to GitHub, after providing your…
Token Authentication
We've just added site-wide token based authentication. You can find your API token in your account page, front and center. Simply pass login and token to any URL which requires…
Securing millions of developers through 2FA
We’ve dramatically increased 2FA adoption on GitHub as part of our responsibility to make the software ecosystem more secure. Read on to learn how we secured millions of developers and why we’re urging more organizations to join us in these efforts.
Logging SAML SSO and SCIM identity data in audit log events is generally available
Logging SAML SSO and SCIM identity data in audit log events is generally available
[Public Beta] Bring Your Own Identity Provider to Enterprise Managed Users
[Public Beta] Bring Your Own Identity Provider to Enterprise Managed Users