Creating a strong password

Secure your GitHub account with a strong and unique password using a password manager.

You must choose or generate a password for your GitHub account that is:

  • Eight characters long, if it includes a number and a lowercase letter, or
  • 16 characters long with any combination of characters

To keep your account secure, we recommend you follow these best practices:

When you type a password to sign in, create an account, or change your password, GitHub will check if the password you entered is considered weak according to datasets like HaveIBeenPwned. The password may be identified as weak even if you have never used that password before.

GitHub only inspects the password at the time you type it, and never stores the password you entered in plaintext. For more information, see HaveIBeenPwned.

You can only use your password to log on to GitHub using your browser. When you authenticate to GitHub with other means, such as the command line or API, you should use other credentials. For more information, see "About authentication to GitHub."

When Git prompts you for your password, enter your personal access token (PAT) instead. Password-based authentication for Git is deprecated, and using a PAT is more secure. For more information, see "Creating a personal access token."

Further reading

Did this doc help you?

Privacy policy

Help us make these docs great!

All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request.

Make a contribution

Or, learn how to contribute.