GitHub no longer accepts account passwords for Git operations over HTTPS. Since August 2021, you must use a personal access token or SSH key to authenticate instead of your password.
This error occurs because GitHub removed support for password-based authentication for Git operations on August 13, 2021. When you try to push, pull, clone, or fetch from a GitHub repository using HTTPS and enter your account password, GitHub rejects the authentication. This security change was announced by GitHub in July 2020 to encourage the use of more secure authentication methods. Personal access tokens and SSH keys provide better security because they can be scoped to specific permissions, easily revoked, and are not susceptible to password-based attacks. The error is returned by GitHub's servers (indicated by "remote:") when they detect an attempt to authenticate with a password rather than a token.
1. Log into GitHub and click your profile picture, then select Settings
2. In the left sidebar, scroll down and click Developer settings
3. Click Personal access tokens > Tokens (classic)
4. Click Generate new token > Generate new token (classic)
5. Add a descriptive note (e.g., "Git CLI access")
6. Set an expiration (or "No expiration" for long-lived tokens)
7. Select scopes - for typical Git operations, check:
- repo (Full control of private repositories)
- workflow (if you work with GitHub Actions)
8. Click Generate token
9. Copy the token immediately - you won't be able to see it again
# Your token will look something like this:
ghp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxRemove old cached passwords so Git prompts for the new token.
macOS (Keychain Access):
# Option 1: Use command line
git credential-osxkeychain erase
host=github.com
protocol=https
# Press Enter twice
# Option 2: Open Keychain Access app, search for "github.com", delete the entryWindows (Credential Manager):
1. Open Control Panel > Credential Manager
2. Click Windows Credentials
3. Find entries for git:https://github.com or github.com
4. Click the entry and select Remove
Linux (Git Credential Cache):
# Clear cached credentials
git credential reject
host=github.com
protocol=https
# Press Enter twice
# Or remove the credential helper cache file
rm ~/.git-credentialsThe next time you run a Git command that requires authentication, enter your credentials:
git push origin main
# Username: your-github-username
# Password: ghp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx # Paste your token hereImportant: When prompted for a "password", paste your personal access token, not your GitHub account password.
To avoid entering the token repeatedly, configure a credential helper:
macOS (uses Keychain):
git config --global credential.helper osxkeychainWindows (uses Credential Manager):
git config --global credential.helper managerLinux (cache in memory for 1 hour):
git config --global credential.helper 'cache --timeout=3600'Linux (store permanently in file):
git config --global credential.helper store
# Note: This stores credentials in plain text at ~/.git-credentialsSSH keys are another secure authentication method that doesn't require tokens:
# Check for existing SSH keys
ls -la ~/.ssh
# Generate a new SSH key (if needed)
ssh-keygen -t ed25519 -C "[email protected]"
# Start the SSH agent and add your key
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_ed25519
# Copy the public key
cat ~/.ssh/id_ed25519.pub
# Copy the outputAdd the key to GitHub:
1. Go to Settings > SSH and GPG keys
2. Click New SSH key
3. Paste your public key and save
Update your remote URL to use SSH:
# Check current remote
git remote -v
# Change from HTTPS to SSH
git remote set-url origin [email protected]:username/repository.git### Token Scopes and Permissions
Personal access tokens use scopes to limit what they can do:
| Scope | Permission |
|-------|------------|
| repo | Full access to repositories (push, pull, etc.) |
| repo:status | Read/write commit status |
| public_repo | Access to public repositories only |
| workflow | Update GitHub Actions workflows |
For CI/CD systems, create dedicated tokens with minimal required scopes.
### Fine-Grained Personal Access Tokens
GitHub now offers fine-grained tokens that provide even more control:
- Scope access to specific repositories
- Set read-only vs read-write per permission type
- Require organization approval for certain actions
To create one: Settings > Developer settings > Personal access tokens > Fine-grained tokens
### Token Security Best Practices
1. Set expiration dates - Avoid "no expiration" when possible
2. Use minimal scopes - Only grant permissions you need
3. Rotate tokens regularly - Especially for CI/CD systems
4. Never commit tokens - Add .env files to .gitignore
5. Use environment variables - Store tokens in CI/CD secrets, not code
### GitHub CLI Alternative
The GitHub CLI (gh) can handle authentication automatically:
# Install and authenticate
gh auth login
# This configures Git to use gh as a credential helper
gh auth setup-git### Enterprise and Self-Hosted GitHub
If you use GitHub Enterprise Server, the deprecation timeline may differ. Check with your administrator. Some self-hosted instances may still support password authentication if configured.
kex_exchange_identification: Connection closed by remote host
Connection closed by remote host when connecting to Git server
fatal: unable to access: Proxy auto-configuration failed
How to fix 'Proxy auto-configuration failed' in Git
fatal: unable to access: Authentication failed (proxy requires basic auth)
How to fix 'Authentication failed (proxy requires basic auth)' in Git
fatal: unable to access: no_proxy configuration not working
How to fix 'no_proxy configuration not working' in Git
fatal: unable to read tree object in treeless clone
How to fix 'unable to read tree object in treeless clone' in Git