Keeping your account and data secure - GitHub Docs
To protect your personal information, you should keep both your account on GitHub and any associated data secure.
About authentication to GitHub
You can securely access your account's resources by authenticating to GitHub, using different credentials depending on where you authenticate.
Verifying new devices when signing in
When you sign in for the first time from a new or unrecognized device without two-factor authentication enabled, GitHub may ask for additional verification to confirm that it is you.
Updating your GitHub access credentials
GitHub credentials include not only your password, but also the access tokens, SSH keys, and application API tokens you use to communicate with GitHub. Should you have the need, you can reset all of these access credentials yourself.
Reviewing your SSH keys
To keep your credentials secure, you should regularly audit your SSH keys and deploy keys, and review the authorized applications that access your account.
Reviewing your deploy keys
You should review deploy keys to ensure that there aren't any unauthorized (or possibly compromised) keys. You can also approve existing deploy keys that are valid.
Reviewing your security log
You can review the security log for your personal account to better understand actions you've performed and actions others have performed that involve you.
Removing sensitive data from a repository
Sensitive data can be removed from the history of a repository if you can carefully coordinate with everyone who has cloned it and you are willing to manage the side effects.
About anonymized URLs
If you upload an image or video to GitHub, the URL of the image or video will be modified so your information is not trackable.
Sudo mode
To confirm access to your account before you perform a potentially sensitive action, GitHub.com prompts for authentication.
Preventing unauthorized access
You may be alerted to a security incident in the media, such as the discovery of the Heartbleed bug, or your computer could be stolen while you're signed in to GitHub. In such cases, changing your password prevents any unintended future access to your account and projects.