Skip to main content

Creating a strong password

Secure your account on GitHub.com with a strong and unique password using a password manager.

You must choose or generate a password for your account on GitHub.com that is at least:

  • Eight characters long, if it includes a number and a lowercase letter, or
  • 15 characters long with any combination of characters

To keep your account secure, we recommend you follow these best practices:

  • Use a password manager, such as LastPass or 1Password, to generate a password of at least 15 characters.

  • Generate a unique password for GitHub Enterprise Cloud. If you use your GitHub Enterprise Cloud password elsewhere and that service is compromised, then attackers or other malicious actors could use that information to access your account on GitHub.com.

  • Configure two-factor authentication for your personal account. For more information, see "About two-factor authentication."

  • Never share your password, even with a potential collaborator. Each person should use their own personal account on GitHub Enterprise Cloud. For more information on ways to collaborate, see: "Inviting collaborators to a personal repository," "About collaborative development models," or "Collaborating with groups in organizations."

    在输入密码进行登录、创建帐户或更改密码时,GitHub Enterprise Cloud 将根据 HaveIBeenPwned 等资料集检查你输入的密码是否被视为弱密码。 即使是以前从未用过的密码,也可能被视为弱密码。

GitHub Enterprise Cloud 仅在您输入密码时检查密码,绝不会以纯文本存储您输入的密码。 有关详细信息,请参阅 HaveIBeenPwned

You can only use your password to log on to GitHub Enterprise Cloud using your browser. When you authenticate to GitHub Enterprise Cloud with other means, such as the command line or API, you should use other credentials. For more information, see "About authentication to GitHub."

When Git prompts you for your password, enter your personal access token. Alternatively, you can use a credential helper like Git Credential Manager. Password-based authentication for Git has been removed in favor of more secure authentication methods. For more information, see "Creating a personal access token."

Further reading