GitHub mentioned this in their blog-post: https://github.blog/2020-12-15-token-authentication-requirem...

> Tokens offer a number of security benefits over password-based authentication:
>
> - Unique – tokens are specific to GitHub and can be generated per use or per device
> - Revocable – tokens can be individually revoked at any time without needing to update unaffected credentials
> - Limited – tokens can be narrowly scoped to allow only the access necessary for the use case
> - Random – tokens are not subject to the types of dictionary or brute force attempts that simpler passwords that you need to remember or enter regularly might be

I pretty much do the same thing, I just copy-and-paste a PAT from my password manager when I need it on VMs.

The big benefit to us is that PATs are "limited", and mine only has Git repo access, so unlike my password, it can't:

- Delete repos
- Edit my GitHub organization
- Share my private repos with other users
- Add/remove SSH keys from my account

There's always the chance that software you install on your VM would contain a keylogger (e.g. NPM/PyPI malicious libraries), so limiting the damage that your credentials can do is always a good thing.

Still, it's good to be in the habit of doing this, because sometimes you do need it.