Password Authentication For Git Over HTTP(S) Should Not Be Enabled

policy name: password_authentication_enabled_for_git_is_enabled

severity: LOW

Description

Password authentication for Git protocol operations (pull / push) is discouraged in favor of using personal access tokens and keys. From a security standpoint, it is recommended to disable password authentication completely.

Remediation

1. Press Settings -> General
2. Expand “Sign-in restrictions” section
3. Un toggle “Allow password authentication for Git over HTTP(S)”
4. Press “Save Changes”