Case in point. This literally just happened to me just now:

me@My-MacBook content % brew install projectdiscovery/tap/httpx
==> Tapping projectdiscovery/tap
Cloning into '/usr/local/Homebrew/Library/Taps/projectdiscovery/homebrew-tap'...
Username for 'https://github.com': me
Password for 'https://me@github.com': 
remote: Support for password authentication was removed on August 13, 2021.
remote: Please see https://docs.github.com/en/get-started/getting-started-with-git/about-remote-repositories#cloning-with-https-urls for information on currently recommended modes of authentication.
fatal: Authentication failed for 'https://github.com/projectdiscovery/homebrew-tap/'
Error: Failure while executing; `git clone https://github.com/projectdiscovery/homebrew-tap /usr/local/Homebrew/Library/Taps/projectdiscovery/homebrew-tap --origin=origin --template= --config core.fsmonitor=false` exited with 128.

Boy, I sure am glad I’m more secure now. I think the easiest way to get out of this is literally to make a new API token just for me to be able to type to this command. Time to log in to github and spend a few minutes not accomplishing what I was trying to do originally.

As I said before, using API tokens for genuine automated access, I’m all for. An easy way might be to only support typing passwords on interactive ttys or something, and enforce API tokens otherwise. But as it is, and especially given the fact that they’re specifically reducing the security of the interactive case, it’s hard not to be irritated when this kind of thing happens.

Edit: Oh, and it made me type my password into the github web site in order to generate the token. Hope no one’s shoulder- or camera-surfing me.

Also, I was following old instructions anyway; the command failed and I learned I should have just done brew install httpx. I wish github was configured so I could have learned that 10 minutes ago.