Protect your GitHub account with two-factor authentication

Two-factor authentication adds an extra 'fence' of protection to your passwords. Thanks to this technology, hackers cannot access accounts with just one captured password.

Two-factor authentication requires you to add additional information to sign in. It could be a disposable PIN shared via email or SMS, or a code from an authenticator app like Authy or Google Authenticator.

GitHub will soon require two-factor authentication on every account. Right now, you can follow the instructions below to enable two-factor authentication for your GitHub account.

How to enable two-factor authentication on GitHub account

GitHub supports a variety of two-factor authentication methods, including SMS, authenticator app, hardware security key, and GitHub mobile app. However, it does require you to use a time-based one-time password app, aka an authenticator or SMS app, before adding another method.

Note

GitHub does not support sending SMS in a country outside the US. Therefore, it is best to avoid this option. If you want to use SMS, first check if GitHub supports this option in your country at the relevant support page.

Because SMS support is full of bugs, the article will guide you to set up two-factor authentication on GitHub using Twilio's Authy Authenticator, one of the best options available today. Start by downloading Authy and setting it up on your device, then follow these steps:

1. Go to GitHub.com and log into your account.

2. Select the account profile picture in the upper right corner, then click Settings from the menu that appears.

Protect your GitHub account with two-factor authentication Picture 1

3. Click Password and authentication from the left sidebar in Access .

Protect your GitHub account with two-factor authentication Picture 2

4. On the next page, select Enable two-factor authentication . GitHub will show a QR code on the next page.

Protect your GitHub account with two-factor authentication Picture 3

5. Open Authy and touch Add Account > select Scan QR Code . Scan the code by pointing the camera at the QR code on GitHub.com.

6. Authy will recognize the username. You can edit it or select Save to add an account under this default selection.

Protect your GitHub account with two-factor authentication Picture 4

7. Finally, tap your GitHub account name in Authy and enter the code shown on GitHub, in the Verify the code from the app section to complete linking the two. GitHub will show the recovery code on the next page. Select Download and save this file in a safe location.

8. Then select I have saved my recovery codes .

9. On the next page, you can set up additional authentication methods or select Done to finish.

Warning

The recovery code helps recover your account if you lose your device and can't access the authenticator app. This is the last resort method of account recovery, so keep the code safe. Otherwise, you may lose access to your GitHub account.

If you can't scan the QR code, you can use the text code to set up two-factor authentication on GitHub with Authy. First, choose to enter the text code in Scan the QR code on GitHub. Next, go back to Add Account in Authy and select Enter key manually under the Scan QR Code button. Finally, type the keyword shown on GitHub and tap Save to complete the setup.

Here's how to set up two-factor authentication for a GitHub account . Hope the article is useful to you.

David Pac

Update 14 March 2023