Protect your GitHub account with two-factor authentication
Two-factor authentication adds an extra 'fence' of protection to your passwords. Thanks to this technology, hackers cannot access accounts with just one captured password.
Two-factor authentication requires you to add additional information to sign in. It could be a disposable PIN shared via email or SMS, or a code from an authenticator app like Authy or Google Authenticator.
GitHub will soon require two-factor authentication on every account. Right now, you can follow the instructions below to enable two-factor authentication for your GitHub account.
How to enable two-factor authentication on GitHub account
GitHub supports a variety of two-factor authentication methods, including SMS, authenticator app, hardware security key, and GitHub mobile app. However, it does require you to use a time-based one-time password app, aka an authenticator or SMS app, before adding another method.
Note
GitHub does not support sending SMS in a country outside the US. Therefore, it is best to avoid this option. If you want to use SMS, first check if GitHub supports this option in your country at the relevant support page.
Because SMS support is full of bugs, the article will guide you to set up two-factor authentication on GitHub using Twilio's Authy Authenticator, one of the best options available today. Start by downloading Authy and setting it up on your device, then follow these steps:
1. Go to GitHub.com and log into your account.
2. Select the account profile picture in the upper right corner, then click Settings from the menu that appears.
3. Click Password and authentication from the left sidebar in Access .
4. On the next page, select Enable two-factor authentication . GitHub will show a QR code on the next page.
5. Open Authy and touch Add Account > select Scan QR Code . Scan the code by pointing the camera at the QR code on GitHub.com.
6. Authy will recognize the username. You can edit it or select Save to add an account under this default selection.
7. Finally, tap your GitHub account name in Authy and enter the code shown on GitHub, in the Verify the code from the app section to complete linking the two. GitHub will show the recovery code on the next page. Select Download and save this file in a safe location.
8. Then select I have saved my recovery codes .
9. On the next page, you can set up additional authentication methods or select Done to finish.
Warning
The recovery code helps recover your account if you lose your device and can't access the authenticator app. This is the last resort method of account recovery, so keep the code safe. Otherwise, you may lose access to your GitHub account.
If you can't scan the QR code, you can use the text code to set up two-factor authentication on GitHub with Authy. First, choose to enter the text code in Scan the QR code on GitHub. Next, go back to Add Account in Authy and select Enter key manually under the Scan QR Code button. Finally, type the keyword shown on GitHub and tap Save to complete the setup.
Here's how to set up two-factor authentication for a GitHub account . Hope the article is useful to you.
You should read it
- 5 Multi-Factor Authentication Vulnerabilities and how to fix them
- How to turn on two-factor authentication on Slack
- Already able to perform two-factor authentication on Instagram without SMS
- Why shouldn't SMS be used to authenticate two factors and what are alternatives?
- How to manage two-factor authentication accounts (2FA) with Authy
- Google: 2-factor authentication can prevent 100% of automated bot hacks
- How to create authentication code on Open Two-Factor Authenticator Chrome
- Deploy multi-factor authentication to remote Microsoft Teams users
May be interested
- How to create authentication code on Open Two-Factor Authenticator Chromeopen two-factor authenticator is a utility for creating 2-step authentication codes, with password protection for 2-step authentication accounts.
- Deploy multi-factor authentication to remote Microsoft Teams usersin this article, readers will learn how to apply multi-factor authentication to all remote users in microsoft teams. the same principle can be applied to any other application based on azure active directory.
- Google Account security guide with Google Authenticatorgoogle authenticator protects your google account from keyloggers and password theft. with two-factor authentication, you will need the password and authentication code to log in.
- Google now allows G Suite administrators to disable unsafe 2FA authenticationgoogle recently added a new dashboard option to g suite administrators (admin console), designed to help administrators have the right to disable phone options as a two-factor authentication method ( 2fa) for g suite accounts in their domain, preventing users from using sms and voice codes when authenticating.
- More than 90% of Gmail users still don't use the two-factor authentication featurea google engineer has revealed that more than 90 percent of active gmail accounts do not use two-factor authentication (2fa), according to a report from the register.
- How to secure Linux Ubuntu with two-factor authenticationtoday the battle between hackers and information security experts is going on. according to a study by the bureau of labor statistics, the expected growth rate for the information security industry is much higher than all other industries. as innocent bystanders, we have a number of measures that can be taken to prevent bad guys from getting into the computer.
- How to use the Microsoft Authenticator appmicrosoft authenticator is an app that enables two-factor authentication on supported apps and websites. two-factor authentication (2fa) is much harder to beat than just adding a password to an account.
- Passkeys: How to log in to GitHub without a passwordwith github passkey, accessing your github account on your device has never been easier, safer and more convenient. below are detailed instructions.
- Phone numbers can be revealed if using 2FA via SMS on Facebook2fa (two-factor authentication) is a great security solution and everyone should use it. but 2fa-based sms is not the best choice, and now the two-factor authentication via sms is worse than on facebook.
- How to authenticate the latest Zalo accountzalo account authentication brings many practical benefits, especially in the context of increasing attention to network security.