From the blog post you linked, I can see at least one benefit of tokens over SSH keys: while tokens and SSH keys both share the Unique, Revocable, and Random benefits quoted in the blog post below, tokens are also Limited in comparison to SSH keys in that they come with their own scoped permissions baked in:
While SSH keys can be read-only or read-write enabled, or scoped to specific repositories, personal access tokens do have an edge in terms of their finer-grained permissions model in comparison. This is likely why GitHub recommends tokens over SSH keys.
Tokens offer a number of security benefits over password-based
authentication:
- Unique – tokens are specific to GitHub and can be generated per use or
per device- Revocable – tokens can can be individually revoked at any
time without needing to update unaffected credentials- Limited – tokens
can be narrowly scoped to allow only the access necessary for the use
case- Random – tokens are not subject to the types of dictionary or
brute force attempts that simpler passwords that you need to remember
or enter regularly might be