Starting September 16th, Docker is deprecating the ability to use passwords to sign-in to services via its CLI when users have Single Sign-On (SSO) enforcement turned on.
SSO enables users to authenticate once and get access to multiple different services. In this case, that includes Docker Desktop, Docker Hub, Docker Scout, and Docker Build Cloud.
When SSO was first introduced in 2022, Docker disabled the ability to use existing username and password combinations to sign-in to those services, but still allowed users to use the Docker CLI to access the Docker Hub registry. The idea was to provide a grace period to facilitate easier adoption of SSO enforcement.
With the grace period ending in September, what this means is that users will need to switch to using Personal Access Tokens (PATs) to login instead.
“At Docker, we continuously strive to improve the security of our platform,” Docker wrote in a post. “This deprecation is an essential step toward providing a secure environment for our users. By ensuring consistent enforcement of SSO across all services, we enhance your organization’s overall security posture. Adopting PATs helps you maintain the highest security standards and control over access to Docker resources.”