When you try to access some services in Visual Studio Online, you might need to enter your Alternate Credentials. Think about Git, for example.
This approach works, no questions about it. But in terms of security it isn’t the best choice. It isn’t granular at all and credentials have no expiry date.
But Visual Studio Online also provides Personal Access Tokens, to fix this inconvenience. A Personal Access Token offers better granularity and expiration management:
And how to use it? You need to safely store it (you can’t access them after the creation, by design), and then you can use the string in place of the password when asked.
The username in that case can be whatever, it is just not used.