{"id":231059,"date":"2020-11-09T08:00:59","date_gmt":"2020-11-09T16:00:59","guid":{"rendered":"https:\/\/devblogs.microsoft.com\/visualstudio\/?p=231059"},"modified":"2020-11-06T16:02:52","modified_gmt":"2020-11-07T00:02:52","slug":"a-more-secure-github-experience","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/visualstudio\/a-more-secure-github-experience\/","title":{"rendered":"A more secure GitHub Experience"},"content":{"rendered":"

As the next step in the journey towards a more secure GitHub experience<\/a>, beginning November 13th<\/sup>, GitHub and Visual Studio will no longer accept account passwords when authenticating with the REST API and will instead require using token-based authentication (e.g., personal access or OAuth), for all authenticated operations for GitHub.com.<\/p>\n

As a result of the change, Git credential helpers such as the Git Credential Manager<\/a> (GCM) that authenticate via account passwords won\u2019t be able to create new access tokens or authenticate you for GitHub.com operations with your username and password.<\/p>\n

What does that mean for you?<\/h2>\n

We\u2019ll be releasing a new servicing update tomorrow (Tuesday November 10th<\/sup>) for Visual Studio 2017 (version 15.9.0) and Visual Studio 2019 (versions 16.0, 16.4 & 16.7), where we\u2019ll include support for the new Git Credential Manager Core<\/a> (GCM Core), which supports OAuth token-based authentication. Updating to these Visual Studio versions will automatically transition you to the new GCM Core experience and ensure your experience is not impacted.<\/p>\n

As part of this change, you\u2019ll notice that GitHub.com operations that require credentials will now only allow you to authenticate via the OAuth based web browser authentication flow:<\/p>\n

<\/p>\n

If you are using older versions of Visual Studio and cannot update to the latest Visual Studio 2019 offering, please refer to the additional workarounds on the GCM Core GitHub page<\/a>.<\/p>\n

Wrapping up<\/h2>\n

We encourage you to take advantage of some of the other security enhancements GitHub has enabled in recent years such as: two-factor authentication<\/a>,\u00a0sign-in alerts<\/a>,\u00a0verified devices<\/a>,\u00a0preventing the use of compromised passwords<\/a>, and\u00a0WebAuthn support<\/a>. For more details see learn more about keeping your account secure<\/a>, or\u00a0contact GitHub Support<\/a>.<\/p>\n

If you have any issues with the Visual Studio experience, we ask you to send us feedback via the\u00a0Developer Community<\/a>\u00a0portal, or via the Help > Send Feedback feature inside Visual Studio. We\u2019d love to know how to further improve your experience!<\/p>\n","protected":false},"excerpt":{"rendered":"

As the next step in the journey towards a more secure GitHub experience, beginning November 13th, GitHub and Visual Studio will no longer accept account passwords when authenticating with the REST API and will instead require using token-based authentication (e.g., personal access or OAuth), for all authenticated operations for GitHub.com. As a result of the […]<\/p>\n","protected":false},"author":1092,"featured_media":231060,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[561,1412,155],"tags":[6758,4381],"class_list":["post-231059","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-open-source","category-development","category-visual-studio","tag-git-integration","tag-github"],"acf":[],"blog_post_summary":"

As the next step in the journey towards a more secure GitHub experience, beginning November 13th, GitHub and Visual Studio will no longer accept account passwords when authenticating with the REST API and will instead require using token-based authentication (e.g., personal access or OAuth), for all authenticated operations for GitHub.com. As a result of the […]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/visualstudio\/wp-json\/wp\/v2\/posts\/231059","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/visualstudio\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/visualstudio\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/visualstudio\/wp-json\/wp\/v2\/users\/1092"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/visualstudio\/wp-json\/wp\/v2\/comments?post=231059"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/visualstudio\/wp-json\/wp\/v2\/posts\/231059\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/visualstudio\/wp-json\/wp\/v2\/media\/231060"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/visualstudio\/wp-json\/wp\/v2\/media?parent=231059"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/visualstudio\/wp-json\/wp\/v2\/categories?post=231059"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/visualstudio\/wp-json\/wp\/v2\/tags?post=231059"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}