SSH is the way to go
I have always found SSH keys the most convenient to use with Git operations, whether on GitHub or anywhere else. First of all it's easy to setup, only requires the SSH password to remember instead of username/password combo, and it integrates well with automated services (e.g. CI/CD), which can use an SSH daemon to securely use the stored password for the SSH key.
I had to look at the token-based approach in some depth while writing about this topic a while ago for Hackaday, and I'm not convinced that I would ever use it. Especially the part where you have to lug this (hardware) token around and remember the PIN for it seems like a bother. Plus I'm not really seeing how it'd make integrating with services any easier.
Biting the hand that feeds IT
