Hopefully they'll enhance the other authentication methods. Just last week I was quite surprised at how complicated yet insecure the GitHub Actions and personal access token mechanisms are.
GitHub Actions tokens are scoped to the single repo they operate in, so for anything that you need covering any cross-repository or org access the official docs immediately tell you to just use a PAT instead. But PATs have no repository scoping whatsoever, it's all or nothing. So although both PATs and GHA Tokens have these complex scope requests, it's completely missing the most basic use cases in my opinion, like creating a PR in repo X, allow installing a package from GitHub Packages in repo Y, check out code from repo Z etc. You either go full mono-repo for everything, or you use PATs for everything with no repository boundaries at all, yikes.
The scoping of PATs is currently terrible. If I want a read-only access token, the user needs to be read-only; if I want write, the user needs write permissions. This means I need 2 users.
You could always use "Deploy keys" which are per-repo read-only SSH keys. You could set up multiple repos with the same deploy key and use the private key in GitHub Actions secrets.
The current suggested solution is to create a new user just for that repo and create a PAT in that user. So the PAT will only have access to that repo.