What just happened?
You ran git push, typed your GitHub password, and got hit with this:
remote: Support for password authentication was removed on August 13, 2021.
fatal: Authentication failed for 'https://github.com/user/repo.git/'
GitHub killed plain-password auth for Git operations in August 2021 โ a security decision to combat credential stuffing attacks. Your credential cache is still holding the old password. Every push and pull now fails until you replace it with a Personal Access Token (PAT) or switch to SSH.
Why this happens
Before August 2021, you could push to GitHub over HTTPS using your account password. GitHub shut that down to reduce account takeovers from leaked passwords. PATs are scoped and revocable โ if one leaks, you revoke just that token without touching your account password.
The problem right now: your OS credential manager cached the old password. Git keeps re-sending it. GitHub keeps rejecting it. That's the loop you're stuck in.
Quick fix: generate a Personal Access Token
Two steps โ create a token on GitHub, then use it as your password.
Step 1 โ Create a PAT on GitHub
- Go to GitHub โ Settings โ Developer settings โ Personal access tokens โ Tokens (classic).
- Click Generate new token (classic).
- Give it a recognizable name (e.g.,
work-laptop-2025) and set an expiry โ 90 days is a sensible default. - Under Scopes, tick repo (full control of private repositories). That's all you need for pushing and pulling.
- Click Generate token and copy it immediately. GitHub shows it exactly once.
Your token will start with ghp_ and be roughly 40 characters long. That's your new password.
Step 2 โ Use the token as your password
Run the push again. When Git prompts for credentials, enter:
- Username: your GitHub username
- Password: paste the token (not your account password)
git push origin main
Username for 'https://github.com': your-username
Password for 'https://your-username@github.com': ghp_xxxxxxxxxxxxxxxxxxxx
If the push succeeds, the one-time fix worked. Git will prompt again on the next push, though โ read on to store the token permanently.
Permanent fix: save the token in your credential store
Option A โ Git Credential Manager (recommended)
Git Credential Manager (GCM) stores your token securely in the OS keychain and handles re-authentication automatically. It ships with Git for Windows and installs easily on macOS and Linux.
Windows โ GCM is already bundled with Git for Windows. Push once, a browser window opens for authentication, and Git remembers your token until it expires.
macOS:
brew install --cask git-credential-manager
git-credential-manager configure
Linux (Debian/Ubuntu) โ download the latest .deb from the GCM releases page, then:
sudo dpkg -i gcm-linux_amd64.X.X.X.deb
git-credential-manager configure
Once GCM is set up, flush the stale cached password so GCM can store the fresh token:
git credential reject
protocol=https
host=github.com
(Run the command, press Enter, type each line, then press Enter on a blank line to finish.)
Push again. GCM prompts once, saves the token, and you won't be asked again for the lifetime of that token.
Option B โ Embed the token in the remote URL
No credential manager? Drop the token directly into the remote URL:
git remote set-url origin https://YOUR_TOKEN@github.com/user/repo.git
Git reads it automatically on every push and pull. No prompts, no setup.
Caveat: the token sits in plain text inside .git/config. Anyone who can read that file can use your token. Avoid this on shared or public machines.
Option C โ Switch to SSH
SSH keys don't expire and require zero typing once configured. If you push to GitHub every day, the one-time setup pays for itself quickly.
# Generate a key (skip if ~/.ssh/id_ed25519 already exists)
ssh-keygen -t ed25519 -C "you@example.com"
# Print the public key
cat ~/.ssh/id_ed25519.pub
Copy that output and paste it into GitHub โ Settings โ SSH and GPG keys โ New SSH key. Then point your remote at SSH:
git remote set-url origin git@github.com:user/repo.git
Verify the connection before your next push:
ssh -T git@github.com
# Hi your-username! You've successfully authenticated...
Clearing a cached bad password
Still seeing Authentication failed after generating a token? Your OS is re-submitting the old cached password before Git even asks. Clear it by platform:
Windows (Credential Manager):
git credential-manager erase
protocol=https
host=github.com
Alternatively: open Control Panel โ Credential Manager โ Windows Credentials and delete any entry for github.com.
macOS (Keychain):
git credential-osxkeychain erase
protocol=https
host=github.com
Or open Keychain Access, search for github.com, and delete the entry manually.
Linux (store helper):
git config --global credential.helper store
Then open ~/.git-credentials in a text editor and delete the line containing github.com.
Verify the fix
Push something small to confirm it works:
git push origin main
Successful output looks like:
Enumerating objects: 5, done.
Counting objects: 100% (5/5), done.
To https://github.com/user/repo.git
a1b2c3d..e4f5g6h main -> main
No Authentication failed. Done.
To check which credential helper Git is currently using:
git config --global credential.helper
Token security tips
- Set an expiry. 90 days is a reasonable default. GitHub emails you a week before expiration, so you won't be caught off guard mid-workday.
- Use minimal scopes. For most personal repos,
repois all you need. Don't grant more than necessary. - Never commit a token. If one ends up in a commit, revoke it on GitHub immediately and generate a new one. The leaked token is dead the moment you revoke it.
- Need a strong random string for other tools or configs? ToolCraft's Password Generator runs entirely in your browser โ nothing is sent anywhere.