Over the last weeks I run in to constant login problems with my Git repositories hosted in Azure DevOps. One day everything works, the next day I cannot connect. I seems as if Microsoft is pushing more actively the move to personal access tokens and the older approach with alternate credentials comes to an end. Those tokens offer more flexibility and you can create them in just a few simple steps.
Create your personal access token
The tokens you create are connected to an organisation. Therefore, if you are a member of multiple organisations you need to create a token for each one of them. Open Azure DevOps with the first organisation and click on your profile picture in the top right corner:
The menu security brings you to directly to the overview of your personal access tokens:
All you need to do is to click on the new token button and fill out the form:
The form offers you a lot more options than the alternate credentials did. You can give fine grained permissions to all the different parts your account has access to. I restrict the tokens I use with Git clients to the source code part and give no other permissions.
As soon as you click create you see your token. COPY IT immediately! As the screen explains it will not be stored and you will not get a second chance to copy it:
Use your token
The token you created above is your new password that you can use in all the places you gave it permission for. In my example above I can use this token with my Git clients (GitKraken and GitHub Desktop), but I can not login or access the portal.
Manage your tokens
If you go back to the security page (using the security entry in the menu on your profile picture) you now can manage your tokens.
The most important action is revoke. Should your token be lost, or someone got access to it, you can revoke the token and the access to your account is no longer possible.
Hopefully, you will only need to use the regenerate action to replace an old token with a new one – most likely when the token reached its end of life.
Conclusion
With a more fine-grained access control the personal access tokens are a good replacement for the alternate credentials. You need a little bit more work to create and maintaining them, but the additional security is worth it. You can try them right now or wait until you no longer can work with your current credentials.