Personal access token

In computing, a personal access token (or PAT) is a string of characters that can be used to authenticate a user when accessing a computer system instead of the usual password. Though associated with a single account, multiple PATs may be created, and can be manipulated independently of the password associated with that account, including creation and revocation of PATs without altering the password. The PAT is usually generated automatically by the remote system — for example, as a string of 52 alphanumeric characters. Typically, permissions may also be adjusted for each PAT individually, allowing or restricting access to certain classes of data or functions on the remote system. These permissions can usually be adjusted only after authenticating with the password. This can be a useful form of delegation of authorization, for example, when creating programs that will access the remote system. The PAT will typically be stored in a location accessible to the program, and therefore not typically as secure as a password. If the program or PAT is compromised, the damage will be limited by the permissions available to that PAT, and the PAT itself can easily be revoked to prevent further exploitation.