We are here to help!
We are offering free subscriptions and cybersecurity consultancy to support companies affected by COVID-19 outbreak.
Learn more

How to enable two-factor authentication in Github?

A time-based one-time password (TOTP) application automatically generates an authentication code that changes after a certain period of time. We recommend using cloud-based TOTP apps such as:

Tip: To configure authentication via TOTP on multiple devices, during setup, scan the QR code using each device at the same time. If 2FA is already enabled and you want to add another device, you must re-configure 2FA from your security settings.

1. Go to your security under your settings

Download a TOTP app.

In the upper-right corner of any page, click your profile photo, then click Settings.

In the user settings sidebar, click Security.

2. Enable Two-factor authentication

Under “Two-factor authentication”, click Enable two-factor authentication.

Click setup using app

3. Save your recovery codes

On the Two-factor authentication page, click Set up using an app.

  • Save your recovery codes in a safe place. Your recovery codes can help you get back into your account if you lose access.
  • To save your recovery codes on your device, click Download.
  • To save a hard copy of your recovery codes, click Print.
  • To copy your recovery codes for storage in a password manager, click Copy.

4. Scan your QR code using Authenticator App

After saving your two-factor recovery codes, click Next.

On the Two-factor authentication page, do one of the following:

  • Scan the QR code with your mobile device’s app. After scanning, the app displays a six-digit code that you can enter on GitHub.
  • If you can’t scan the QR code, click enter this text code to see a code you can copy and manually enter on GitHub instead.

5. Enter your code and enable two factor.

The TOTP mobile application saves your GitHub account and generates a new authentication code every few seconds. On GitHub, on the 2FA page, type the code and click Enable.

After you’ve saved your recovery codes and enabled 2FA, we recommend you sign out and back in to your account. In case of problems, such as a forgotten password or typo in your email address, you can use recovery codes to access your account and correct the problem.