It is possible to clone a fresh repository created in Azure DevOps, without being prompted for a password or security token. For example, after creating the Repo, it is possible to clone the repository from the command line using:
https://username@dev.azure.com/organization-name/project-name/_git/repo-name
There was no prompt to authenticate on the desktop command line before cloning the repository. My concern is that anyone can guess URL strings and try to clone private repositories.
When choosing to clone a repository, I have created a password, and also created a personal access token, but still no prompt for any security on the command line.
What is the proper way to secure an Azure DevOps repository?