TechEarl

Git: 'Support for password authentication was removed' - How to Fix It

GitHub stopped accepting your account password over HTTPS on August 13, 2021. Fix the error by pushing with a personal access token, or switch the remote to SSH.

Ishan Karunaratne⏱️ 7 min readUpdated
Share thisCopied
How to fix the Git error that says support for password authentication was removed on GitHub HTTPS pushes

If Git is rejecting your push with "Support for password authentication was removed," it means GitHub no longer accepts your account password over an HTTPS remote. As of August 13, 2021, GitHub only accepts a personal access token in place of your password on HTTPS, or an SSH key. The quick fix: create a token on GitHub and paste it where Git asks for your password.

The full error

When you push or pull over an HTTPS remote and type your old account password, you get this:

text
remote: Support for password authentication was removed on August 13, 2021.
remote: Please see https://docs.github.com/get-started/getting-started-with-git/about-remote-repositories for information on currently recommended modes of authentication.
fatal: Authentication failed for 'https://github.com/you/your-repo.git/'
Creating a GitHub personal access token with the repo scope selected
Generating a classic personal access token with the repo scope, which is what Git over HTTPS needs.
A newly generated GitHub personal access token shown once
GitHub shows the token once. Use it in place of your password. (This example token has been revoked.)

The message can be a little misleading. Your username and the repository are fine. The only thing GitHub stopped accepting is the password part of HTTPS Basic auth. You have two real fixes, and which one you want depends on how you cloned the repo.

Which remote are you using?

Check before you do anything else:

bash
git remote -v
text
origin  https://github.com/you/your-repo.git (fetch)
origin  https://github.com/you/your-repo.git (push)

If the URL starts with https://, you are on the HTTPS path and need a personal access token (the next section). If it starts with git@github.com:, you are on SSH, and this particular error does not apply to you. For the full trade-off between the two, see Git SSH vs HTTPS remotes.

Fix 1: Use a personal access token (keep HTTPS)

This is the smallest change. You keep your HTTPS remote and swap the password for a token.

Create the token

  1. On GitHub, go to Settings, Developer settings, Personal access tokens.
  2. Create a token (a fine-grained token scoped to the repos you push to is the modern choice; a classic token with the repo scope also works).
  3. Set an expiry and copy the token immediately. GitHub shows it once.

Use it

When Git prompts for credentials, your username is your GitHub username and your password is the token:

bash
git push origin main
text
Username for 'https://github.com': you
Password for 'https://you@github.com': ghp_xxxxxxxxxxxxxxxxxxxx

Paste the token at the password prompt. The push goes through. If you have no terminal prompt (for example a GUI client), put the token directly in the URL the first time:

bash
git remote set-url origin https://you@github.com/you/your-repo.git

Git will still ask for the password, which is the token.

Stop being asked every time

Typing a token on every push gets old fast. Tell Git to cache or store it with a credential helper.

On macOS, use the Keychain helper, which stores the token securely:

bash
git config --global credential.helper osxkeychain

On Windows, Git for Windows ships with the Git Credential Manager, which handles this for you and is usually already enabled. On Linux, you can cache the token in memory for a session:

bash
git config --global credential.helper 'cache --timeout=3600'

The first push after setting a helper will ask for the token once, then reuse it. If you previously saved your old password, clear it first so Git stops trying the dead credential:

bash
git credential reject
protocol=https
host=github.com

Press Enter on the blank line after the last field. Then push again and supply the token.

Fix 2: Switch the remote to SSH

If you would rather not manage tokens at all, move the remote to SSH. You authenticate with a key on your machine instead of a typed secret, and the password-removed error stops being relevant.

First, if you do not have a key yet, generate an SSH key on Linux, macOS, or Windows, then add an SSH key to your GitHub account. Then point the existing remote at the SSH URL:

bash
git remote set-url origin git@github.com:you/your-repo.git
git remote -v
text
origin  git@github.com:you/your-repo.git (fetch)
origin  git@github.com:you/your-repo.git (push)

Verify the key is recognised:

bash
ssh -T git@github.com
text
Hi you! You've successfully authenticated, but GitHub does not provide shell access.

That message is success, not an error. Push as usual; there is no password prompt. If SSH itself fails with a publickey error, that is a separate problem covered in the Permission denied (publickey) fix.

Token or SSH: which should you pick?

Personal access token (HTTPS)SSH key
Setup effortCreate token, paste onceGenerate key, add to GitHub
Works behind strict firewallsYes (port 443)Sometimes blocked (port 22)
Secret to manageToken, with an expiryPrivate key file on disk
Best forQuick fix, locked-down networks, CI with a stored secretDay-to-day work on a machine you own
RotationToken expires, regenerateKey lives until you remove it

For a laptop you control, SSH is the lower-friction long-term answer. For CI runners and machines where you want a scoped, expiring credential, a token is the better fit. If you are wiring up automation, the token model is exactly what powers wiring the token into a GitHub Actions deploy.

Why GitHub did this

Account passwords are reusable and often weak, and a leaked password hands over the whole account. A personal access token is scoped (you can limit it to specific repos and permissions) and expiring, so a leak is contained and time-boxed. SSH keys never travel over the wire as a typed secret at all. The change closed off the weakest link in the HTTPS flow. It is the same reasoning behind never letting credentials reach a public repo in the first place, which is its own can of worms if it happens: see how to remove a secret from Git history and why an exposed .git directory is dangerous.

Still stuck?

A few things that trip people up after applying the fix:

  • You pasted the token but the prompt did not echo anything. That is normal; password fields are hidden. Paste and press Enter.
  • It still fails with the old error. Git is reusing a cached password. Clear it with the git credential reject block above (or delete the github.com entry from your OS keychain/credential manager) and try once more.
  • The token works in one repo but not another. A fine-grained token is scoped to specific repositories. Make sure the repo you are pushing to is in the token's allowed list.
  • CI is failing. Store the token as a secret in your CI provider and reference it in the remote URL or a credential helper, never commit it.

If you are new to all of this, the Git for beginners guide walks through cloning, committing, and pushing from the start, and the git pull vs git fetch explainer covers the other half of talking to a remote.

Sources

Authoritative references this article was fact-checked against.

Tagssupport for password authentication was removedGitVersion ControlGitHubPersonal Access TokenAuthentication

Found this useful? Pass it on.

Copied

Ishan Karunaratne

Tech Architect · Software Engineer · AI/DevOps

Tech architect and software engineer with 20+ years building software, Linux systems, and DevOps infrastructure, and lately working AI into the stack. Currently Chief Technology Officer at a healthcare tech startup, which is where most of these field notes come from.

More by IshanLinkedIn
Keep reading

Related posts