• Do you use Git?
• Do you use GitHub?
• Are you following the, now somewhat standard, advice of 2FA all the things?
• Are you now suprised that trying to pull down a repo from the terminal no longer accepts your password?

Yeah, me too.

But with a little bit of search-fu I found this StackOverflow question that held the answer.

Basically because of the 2FA the password by itself is no longer “enough” and will be rejected. The solution is an OAuth token! This is a bit like the ‘app passwords’ you see in services like Google’s Gmail, where you want to pull your email into an app that isn’t the web site nor is it an official Google generated app. These psudorandom strings are a way of proving authentication to the server since they are generated by an authorized user and they are singular to said user. Once generated and stored in a secure location like 1Password, or your password manager of choice, the token can be used in place of a password when interacting wtih GitHub from your terminal.

As an added benefit if one of these tokens were to be comprimised somehow, it can be deleted and reissued without having to reset the password proper. Once the old token is deleted it will always be rejected by the server and cannot be added back in since it can’t be regenerated back to the exact string.

Now go forth and git push and git pull with confidence!