Two factor authentication is a great way to add an extra layer of security to your web services. However a problem arise when using 2FA with already existing terminal based apps and services that with an their own protocol, in our case GIT.
The company I’m working for enforced two factor authentication on its private github group.
After this I was not able to clone pull or push anything over HTTPS using my normal username/email password credentials.
mycomputer:MyRepo nindoda$ git pull Username for 'https://github.com': noras-salman Password for 'https://email@example.com': ****PASSWORD*** remote: Invalid username or password. fatal: Authentication failed for 'https://github.com/MyGroup/MyRepo.git/'
In order to solve the problem I had to create a github web access token. A web access token provides a way to authenticate when calling github’s web API it also provides a way to to run the git commands over HTTPS, since it’s web based.
In order to create a web access token you have to:
- start by clicking on your profile image on the top right corner then choose “Settings”.
- Then click on “Developer settings”.
- Finally select “Personal access tokens”.
- Generate your new token and choose the permissions you need.
Copy and store your token in a very secret place. The token is equivalent to your new password so treat it the same way.
Using your token to authenticate
Retry, or try to pull, clone or push to your repository but this time use your token this time when the git prompt you to enter your password.
mycomputer:MyRepo nindoda$ git pull Username for 'https://github.com': noras-salman Password for 'https://firstname.lastname@example.org': ****TOKEN*** From https://github.com/MyGroup/MyRepo * [new branch] 3.0.7 -> origin/3.0.7 * [new branch] 3.0.8 -> origin/3.0.8 * [new branch] 3.0.9 -> origin/3.0.9 * [new branch] 4.1.3 -> origin/4.1.3 * [new branch] 4.1.4 -> origin/4.1.4 * [new branch] 4.1.5 -> origin/4.1.5 ...... ......