Password Authentication For Git Over HTTP(S) Should Not Be Enabled

policy name: password_authentication_enabled_for_git_is_enabled

severity: LOW


Password authentication for Git protocol operations (pull / push) is discouraged in favor of using personal access tokens and keys. From a security standpoint, it is recommended to disable password authentication completely.


  1. Press Settings -> General
  2. Expand “Sign-in restrictions” section
  3. Un toggle “Allow password authentication for Git over HTTP(S)”
  4. Press “Save Changes”