DEV Community

Discussion on: Safe & save - Git password under Windows

brunovieira97 profile image
Bruno Vieira

Actually, that will use Git Credential Manager (GCM), a Microsoft project implemented to be compatible with a handful of Git online platforms (e.g. GitHub, Bitbucket, Azure DevOps).

Git for Windows installer packages GCM with it by default, and the installer would recommend it as the selected option as well.

What GCM does, on GitHub for example, is create a PAT (Personal Access Token) on your account that is linked to the current PC. So, instead of using your password to authenticate, it uses the PAT. You can check this on your GitHub settings page.

Recently, though, Microsoft has been working on Git Credential Manager Core, that is a new, cross-platform version of GCM that does not rely on PATs and is much more stable because of that.

You see, PATs are not that accurate, and there's a chance they'll need to be generated again multiple times because of weird expiration issues.

So GCM Core will authenticate to your GitHub account, for example, as an application, just like when you log in to a website using your Facebook account. GitHub already supports this, and uses it as a login mechanism.

GCM Core is the recommended option now, and you can select it at any GUI installer of Git for Windows for the latest versions (I don't recall the specific one that started to package it, though).

You can check the projects here: