As previously planned, GitHub will no longer support connecting to Git objects using password authentication. The change will be applied today at 19:XNUMX (MSK), after which direct execution of operations with Git that require authentication will only be possible using SSH keys or tokens (GitHub personal tokens or OAuth). An exception is granted only to accounts using two-factor authentication that connect to Git with a password and an additional key.
It is assumed that tightening authentication requirements will protect users from compromising their repositories in the event of a leak of user bases or hacking of third-party services on which users used the same passwords from GitHub. Among the advantages of authentication by tokens are: the ability to generate separate tokens for specific devices and sessions, support for the withdrawal of compromised tokens without changing credentials, the ability to limit the access area through a token, the security of tokens when determined by brute force.
Source: opennet.ru