Updating your GitHub access credentials
GitHub credentials include not only your password, but also the access tokens, SSH keys, and application API tokens you use to communicate with GitHub. Should you have the need, you can reset all of these access credentials yourself.
Requesting a new password
- To request a new password, visit https://www.github.com/password_reset.
- Enter the email address associated with your personal GitHub account, then click Send password reset email. The email will be sent to the backup email address if you have one configured.
- We'll email you a link that will allow you to reset your password. You must click on this link within 3 hours of receiving the email. If you didn't receive an email from us, make sure to check your spam folder.
- After clicking on the link in your email, you'll be asked to enter a new password.
Changing an existing password
When you type a password to sign in, create an account, or change your password, GitHub will check if the password you entered is considered weak according to datasets like HaveIBeenPwned. The password may be identified as weak even if you have never used that password before.
GitHub only inspects the password at the time you type it, and never stores the password you entered in plaintext. For more information, see HaveIBeenPwned.
Sign in to GitHub.
In the upper-right corner of any page, click your profile photo, then click Settings.
In the user settings sidebar, click Security.
Under "Change password", type your old password, a strong new password, and confirm your new password. For help creating a strong password, see "Creating a strong password"
Click Update password.
For greater security, enable two-factor authentication in addition to changing your password. See About two-factor authentication for more details.
Updating your access tokens
See "Reviewing your authorized integrations" for instructions on reviewing and deleting access tokens. To generate new access tokens, see "Creating a personal access token for the command line."
Updating your SSH keys
See "Reviewing your SSH keys" for instructions on reviewing and deleting SSH keys. To generate and add new SSH keys, see "Generating an SSH key."
Resetting API tokens
If you have any applications registered with GitHub, you'll want to reset their OAuth tokens. See the GitHub Developer documentation for instructions on how to do this.
Preventing unauthorized access
For more tips on securing your account and preventing unauthorized access, see "Preventing unauthorized access."