How to fix remote: Invalid username or token. Password authentication is not supported for Git operations. in Git

GitBEGINNERMEDIUM

Fix Git "Invalid username or password / password authentication not supported" by using a personal access token instead. Step-by-step fix.

What this error means

This error indicates that Git's authentication attempt to the remote repository (such as GitHub, GitLab, or Bitbucket) was rejected. The remote server responded that the provided credentials are invalid. Since August 2021, GitHub and other major Git hosting services have deprecated password-based authentication for Git operations. This means you can no longer use your account password directly - you must use a Personal Access Token (PAT) or SSH keys instead. Common scenarios that trigger this error: 1. **Using password instead of token** - Git hosting services now require Personal Access Tokens for HTTPS authentication 2. **Two-factor authentication (2FA) enabled** - When 2FA is on, password authentication is completely blocked 3. **Stale cached credentials** - Old credentials stored in your system's credential manager are outdated 4. **Recently changed password** - Your password was changed but old credentials are still cached 5. **Incorrect username** - Using email address when the service requires your username

How to fix "remote: Invalid username or token. Password authentication is not supported for Git operations."

1Generate a Personal Access Token (PAT)

Since password authentication is deprecated, you need to create a Personal Access Token. Here's how for major providers:

GitHub:
1. Go to [github.com/settings/tokens](https://github.com/settings/tokens)
2. Click "Generate new token" > "Generate new token (classic)"
3. Enter a description (e.g., "Git CLI access")
4. Select expiration (or "No expiration" for CI/CD)
5. Select scopes: at minimum check repo for private repositories
6. Click "Generate token"
7. Copy the token immediately - you won't be able to see it again!

GitLab:
1. Go to gitlab.com/-/user_settings/personal_access_tokens
2. Enter a name and optional expiration date
3. Select scopes: read_repository, write_repository for git operations
4. Click "Create personal access token"
5. Copy the token

Bitbucket:
1. Go to bitbucket.org/account/settings/app-passwords
2. Click "Create app password"
3. Enter a label and select permissions
4. Copy the generated password

2Clear cached credentials

Old credentials may be stored in your system's credential manager. Clear them before entering new ones:

Windows (Credential Manager):

powershell

# Open Credential Manager
control /name Microsoft.CredentialManager

# Or via command line - remove git credentials
cmdkey /delete:git:https://github.com

Look under "Windows Credentials" for entries containing github.com, gitlab.com, or bitbucket.org and remove them.

macOS (Keychain):

bash

# Remove GitHub credentials from Keychain
git credential-osxkeychain erase
host=github.com
protocol=https
# Press Enter twice after the above lines

# Or open Keychain Access app and search for "github.com"

Linux:

bash

# If using Git Credential Manager
git credential reject
host=github.com
protocol=https
# Press Enter twice

# If using .git-credentials file
# Edit or remove ~/.git-credentials

# If using GNOME Keyring
secret-tool clear server github.com

3Authenticate with your new token

Now use your Personal Access Token instead of your password:

bash

# When prompted for password, enter your PAT instead
git push origin main
Username: your-username
Password: <paste your Personal Access Token here>

Store credentials so you don't have to enter them every time:

bash

# Enable credential caching (stores in memory for 15 minutes)
git config --global credential.helper cache

# Or store permanently (less secure but convenient)
git config --global credential.helper store

# On macOS, use Keychain
git config --global credential.helper osxkeychain

# On Windows, use Credential Manager
git config --global credential.helper wincred
# Or the newer manager-core
git config --global credential.helper manager-core

Then run any git command that requires authentication - you'll be prompted once, and credentials will be saved.

4Use the token in the remote URL (alternative)

You can embed the token directly in the remote URL (useful for CI/CD, but be careful with security):

bash

# View current remote URL
git remote -v

# Update remote URL to include token
git remote set-url origin https://<USERNAME>:<TOKEN>@github.com/<USERNAME>/<REPO>.git

# Example
git remote set-url origin https://johndoe:[email protected]/johndoe/my-repo.git

Warning: This stores your token in plain text in .git/config. For shared machines or public repos, prefer credential helpers or SSH keys.

For CI/CD pipelines, use environment variables:

bash

git remote set-url origin https://${GIT_USER}:${GIT_TOKEN}@github.com/${GIT_USER}/${REPO}.git

5Switch to SSH authentication (recommended)

SSH keys are more secure and don't expire like tokens. Here's how to set them up:

Generate an SSH key:

bash

# Generate new SSH key
ssh-keygen -t ed25519 -C "[email protected]"

# Start SSH agent
eval "$(ssh-agent -s)"

# Add key to agent
ssh-add ~/.ssh/id_ed25519

Add the public key to your Git provider:

bash

# Copy public key to clipboard
cat ~/.ssh/id_ed25519.pub
# Copy the output

- GitHub: Settings > SSH and GPG keys > New SSH key
- GitLab: Preferences > SSH Keys > Add key
- Bitbucket: Personal settings > SSH keys > Add key

Update your remote URL to use SSH:

bash

# Change from HTTPS to SSH
git remote set-url origin [email protected]:username/repository.git

# Verify the change
git remote -v

# Test SSH connection
ssh -T [email protected]

6Verify username is correct

Make sure you're using your username, not your email address:

bash

# Check current Git username configuration
git config --global user.name

# Check what Git is sending to the remote
GIT_CURL_VERBOSE=1 git fetch 2>&1 | grep -i "user"

Find your username:
- GitHub: github.com > Profile icon > Your profile (username is in URL)
- GitLab: gitlab.com > Profile icon > Edit profile
- Bitbucket: bitbucket.org > Personal settings > Account settings

Note: Usernames are often case-sensitive in Git operations. If your username is "JohnDoe", use exactly that, not "johndoe".

Advanced notes

### Debugging Authentication Issues

Enable verbose mode to see exactly what's happening:

bash

# Enable Git debugging
GIT_CURL_VERBOSE=1 git push 2>&1

# Or more detailed SSH debugging
GIT_SSH_COMMAND="ssh -vvv" git fetch

### Git Credential Manager

Git Credential Manager (GCM) is the recommended way to handle authentication:

bash

# Check if GCM is installed
git credential-manager --version

# Install on Linux
# Download from: https://github.com/git-ecosystem/git-credential-manager/releases

# Configure Git to use it
git config --global credential.helper manager

# GCM supports browser-based authentication flow
git push  # Opens browser for OAuth authentication

### Multiple Accounts on Same Host

If you have multiple GitHub/GitLab accounts:

bash

# Use SSH config for multiple accounts
# ~/.ssh/config
Host github.com-personal
    HostName github.com
    User git
    IdentityFile ~/.ssh/id_ed25519_personal

Host github.com-work
    HostName github.com
    User git
    IdentityFile ~/.ssh/id_ed25519_work

# Clone using specific identity
git clone [email protected]:company/repo.git

### CI/CD Best Practices

For automated pipelines:

yaml

# GitHub Actions - use built-in token
- uses: actions/checkout@v4
  with:
    token: ${{ secrets.GITHUB_TOKEN }}

# Or for cross-repo access, use PAT
- uses: actions/checkout@v4
  with:
    token: ${{ secrets.PAT_TOKEN }}

yaml

# GitLab CI - use CI job token
script:
  - git clone https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com/group/repo.git

### Token Scope Requirements

Minimum required scopes for common operations:

| Operation | GitHub Scope | GitLab Scope |
|-----------|-------------|--------------|
| Clone private repo | repo | read_repository |
| Push to repo | repo | write_repository |
| Read packages | read:packages | read_registry |

### Handling Special Characters

If your password or token contains special characters:

bash

# URL-encode special characters in the URL
# @ becomes %40
# ! becomes %21
# etc.

# Or use credential helper to avoid URL encoding issues
git config --global credential.helper store

How to fix remote: Invalid username or token. Password authentication is not supported for Git operations. in Git

What this error means

Typical symptoms

Common causes

How to fix "remote: Invalid username or token. Password authentication is not supported for Git operations."

Advanced notes

Related errors

Official resources & further reading