To protect your personal information, you should keep both your GitHub account and any associated data secure.

Creating a strong password

Your security on GitHub, as well as every other account you have on the Web, is best served with a strong password that isn't shared with any other person, service, or site.

Updating your GitHub access credentials

GitHub credentials include not only your password, but also the access tokens, SSH keys, and application API tokens you use to communicate with GitHub. Should you have the need, you can reset all of these access credentials yourself.

Reviewing your SSH keys

To keep your credentials secure, you should regularly audit your SSH keys, deploy keys, and review authorized applications that access your GitHub account.

Reviewing your deploy keys

You should review deploy keys to ensure that there aren't any unauthorized (or possibly compromised) keys. You can also approve existing deploy keys that are valid.

Reviewing your authorized applications (OAuth)

You should review your authorized applications to verify that no new applications with expansive permissions are authorized, such as those that have access to your private repositories.

Reviewing your security log

You can review your account's security log to better understand the actions you've performed in the last 90 days.

Removing sensitive data from a repository

If you commit sensitive data, such as a password or SSH key into a Git repository, you can remove it from the history. To entirely remove unwanted files from a repository's history you can use either the git filter-branch command or the BFG Repo-Cleaner.

About anonymized image URLs

If you upload an image to GitHub, the URL of the image will be modified so your information is not trackable.

GitHub's IP addresses

To make sure you have access to all of our services, you should ensure that you've whitelisted the GitHub IP address range.

GitHub's SSH key fingerprints

Public key fingerprints can be used to validate a connection to a remote server.

Sudo mode

GitHub asks you for your password before you can modify your email address, authorize third-party applications, or add new public keys, or initiate other sudo-protected actions.

Preventing unauthorized access

You may be alerted to a security incident in the media, such as the discovery of the Heartbleed bug, or your computer could be stolen while you're signed in to GitHub. In such cases, changing your password prevents any unintended future access to your account and projects.