Secure your GitHub account with a strong and unique password using a password manager.
To keep your account secure, we recommend you follow these best practices:
- Use a password manager, such as LastPass or 1Password, to generate a password more than 16 characters.
- Generate a unique password for GitHub. If you use your GitHub password elsewhere and that service is compromised, then attackers or other malicious actors could use that information to access your GitHub account.
- Configure two-factor authentication for your personal account. For more information, see "About two-factor authentication."
- Never share your password, even with a potential collaborator. Each person should use their own personal account on GitHub. For more information on ways to collaborate, see: "Inviting collaborators to a personal repository," "About collaborative development models," or "Collaborating with groups in organizations."
When you type in a password to sign in, create an account, or change your password, GitHub will check if the password you entered has been exposed in a third-party data breach according to HaveIBeenPwned. GitHub only inspects the password at the time you type it, and never stores the password you entered in plaintext. For more information, see HaveIBeenPwned.