Skip to main content

Creating a strong password

Secure your account on with a strong and unique password using a password manager.

You must choose or generate a password for your account on that is at least:

  • Eight characters long, if it includes a number and a lowercase letter, or
  • 15 characters long with any combination of characters

To keep your account secure, we recommend you follow these best practices:

  • Use a password manager, such as LastPass or 1Password, to generate a password of at least 15 characters.

  • Generate a unique password for GitHub. If you use your GitHub password elsewhere and that service is compromised, then attackers or other malicious actors could use that information to access your account on

  • Configure two-factor authentication for your personal account. For more information, see "About two-factor authentication."

  • Never share your password, even with a potential collaborator. Each person should use their own personal account on GitHub. For more information on ways to collaborate, see: "Inviting collaborators to a personal repository," "About collaborative development models," or "Collaborating with groups in organizations."

    Quando você digitar uma senha para se conectar, criar uma conta ou alterar sua senha, o GitHub verificará se a senha inserida é considerada fraca de acordo com conjuntos de dados como o HaveIBeenPwned. A senha pode ser identificada como fraca, mesmo que você nunca tenha usado essa senha antes.

O GitHub inspeciona a senha apenas no momento em que você a digita e nunca armazena a senha que você digitou em um texto simples. Para obter mais informações, confira HaveIBeenPwned.

You can only use your password to log on to GitHub using your browser. When you authenticate to GitHub with other means, such as the command line or API, you should use other credentials. For more information, see "About authentication to GitHub."

When Git prompts you for your password, enter your personal access token. Alternatively, you can use a credential helper like Git Credential Manager. Password-based authentication for Git has been removed in favor of more secure authentication methods. For more information, see "Creating a personal access token."

Further reading