Keeping your account and data secure
To protect your personal information, you should keep both your account on your GitHub Enterprise Server instance and any associated data secure.
About authentication to GitHub
You can securely access your account's resources by authenticating to GitHub Enterprise Server, using different credentials depending on where you authenticate.
Creating a strong password
Secure your account on your GitHub Enterprise Server instance with a strong and unique password using a password manager.
Updating your GitHub access credentials
GitHub Enterprise Server credentials include not only your password, but also the access tokens, SSH keys, and application API tokens you use to communicate with GitHub Enterprise Server. Should you have the need, you can reset all of these access credentials yourself.
Managing your personal access tokens
You can use a personal access token in place of a password when authenticating to GitHub in the command line or with the API.
Reviewing your SSH keys
To keep your credentials secure, you should regularly audit your SSH keys, deploy keys, and review authorized applications that access your account on your GitHub Enterprise Server instance.
Reviewing your deploy keys
You should review deploy keys to ensure that there aren't any unauthorized (or possibly compromised) keys. You can also approve existing deploy keys that are valid.
Token expiration and revocation
Your tokens can expire and can also be revoked by you, applications you have authorized, and GitHub Enterprise Server itself.
Reviewing your security log
You can review the security log for your personal account to better understand actions you've performed and actions others have performed that involve you.
Security log events
Learn about security log events recorded for your personal account.
Removing sensitive data from a repository
If you commit sensitive data, such as a password or SSH key into a Git repository, you can remove it from the history.
Sudo mode
To confirm access to your account before you perform a potentially sensitive action, your GitHub Enterprise Server instance prompts for authentication.
Preventing unauthorized access
You may be alerted to a security incident in the media, such as the discovery of the Heartbleed bug, or your computer could be stolen while you're signed in to your GitHub Enterprise Server instance. In such cases, changing your password prevents any unintended future access to your account and projects.
Viewing and managing your sessions
You can view and revoke your active sessions in your settings.