
Setting Up Two-Factor Authentication on GitHub 🔒

Author: 04e5cc8b-58ac-4bdc-bdee-661bbb
Published: 06.05.2026
Reading time: 3 min
Level: Beginner

2FA (Two-Factor Authentication) adds an extra layer of protection to your account.

What Is 2FA and Why Do You Need It?

How it works:

  1. You enter your password (something you know)
  2. You enter a code from an app or SMS (something you have)

Why it matters:

  • 🔒 Protection against hacking even if your password is compromised
  • 🔒 Required for access to some organizations
  • 🔒 GitHub strongly recommends it for all developers

As of March 2023, GitHub requires 2FA for certain actions!

Preparation: Methods and App

Step 1: Choose Your 2FA Method

GitHub supports several methods:

1. Authenticator App (Recommended)
- ✅ Most secure
- ✅ Works offline
- ✅ Apps: Google Authenticator, Authy, Microsoft Authenticator

2. SMS codes
- ⚠️ Less secure (SIM-swap attacks)
- ⚠️ Requires mobile connectivity
- Good as a backup method

3. Security keys (Hardware keys)
- ✅✅✅ Maximum security
- YubiKey, Titan Security Key
- For professionals and very important accounts

Step 2: Install an Authenticator App

For iOS:
- Google Authenticator
- Microsoft Authenticator
- Authy (syncs between devices)

For Android:
- Google Authenticator
- Microsoft Authenticator
- Authy

Recommendation: Use Authy — it syncs between devices.

Enabling 2FA on GitHub

3.1 Open settings

  1. Log in to GitHub
  2. Click your avatar → Settings
  3. In the left menu: Password and authentication
  4. Find the Two-factor authentication section
  5. Click Enable two-factor authentication

3.2 Choose a method

GitHub will offer two options:

Set up using an app (Recommended)
- Use an Authenticator app

Set up using SMS
- Receive codes by SMS

Choose Set up using an app.

3.3 Scan the QR code

  1. Open the Authenticator app on your phone
  2. Tap + or Add account
  3. Choose Scan QR code
  4. Point your camera at the QR code on screen
  5. GitHub will appear in your accounts list

If the camera doesn’t work:
- Click enter this text code manually
- Copy the code
- Enter it in the app manually

3.4 Enter the confirmation code

  1. Look at the 6-digit code in the Authenticator app
  2. Enter it in the field on GitHub
  3. Click Verify
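
How the 6-digit code is derived from the text code behind the QR code, as an added example (not GitHub's or any app's own code). It assumes the standard RFC 6238 parameters (HMAC-SHA1, 30-second step, 6 digits); the sample key is the RFC test secret, and the one-step drift window in verify() is an assumption, not documented GitHub behaviour.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP_SECONDS = 30   # the code refreshes every 30 seconds
DIGITS = 6          # the 6-digit code entered on GitHub


def decode_setup_key(setup_key: str) -> bytes:
    """Decode the Base32 text code offered as the manual alternative to the QR code."""
    cleaned = setup_key.replace(" ", "").replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # restore stripped Base32 padding
    return base64.b32decode(cleaned)


def totp(secret: bytes, unix_time: float) -> str:
    """RFC 6238 TOTP: needs only the shared secret and a clock, so it works offline."""
    counter = int(unix_time) // STEP_SECONDS
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    number = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(number % 10 ** DIGITS).zfill(DIGITS)


def verify(secret: bytes, submitted: str, unix_time: float, drift_steps: int = 1) -> bool:
    """Server-side check: accept the current step plus/minus an assumed clock drift."""
    for step in range(-drift_steps, drift_steps + 1):
        expected = totp(secret, unix_time + step * STEP_SECONDS)
        if hmac.compare_digest(expected, submitted):  # constant-time comparison
            return True
    return False


# Constructed sample: the RFC 6238 test secret, not a real GitHub setup key.
SAMPLE_KEY = "GEZD GNBV GY3T QOJQ GEZD GNBV GY3T QOJQ"

if __name__ == "__main__":
    secret = decode_setup_key(SAMPLE_KEY)
    now = time.time()
    print("current code:", totp(secret, now))
    print("valid for another", STEP_SECONDS - int(now) % STEP_SECONDS, "seconds")
```

Anyone who obtains the text code can compute every future code, which is why the setup key deserves the same care as the recovery codes.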

Saving Recovery Codes and Backup Method

Step 4: Save Recovery Codes

⚠️ VERY IMPORTANT!

GitHub will give you 16 recovery codes — your way to regain access if you lose your phone!

What to do with them:

✅ Download them (Download)
✅ Save in a secure place (password manager)
✅ Print and put in a safe
✅ Do NOT store them on the same device as your Authenticator!

Each code can be used ONCE.

Step 5: Set Up Fallback SMS (Optional)

For extra security, add SMS as a backup:

  1. Settings → Password and authentication
  2. Find SMS/Text message
  3. Click Add
  4. Enter your phone number
  5. Confirm the code from SMS

Now if you lose your Authenticator, you can get a code via SMS.

How to Log In With 2FA

Normal login:

  1. Enter your username and password
  2. GitHub will ask for a 2FA code
  3. Open your Authenticator app
  4. Enter the 6-digit code (refreshes every 30 seconds)
  5. Click Verify

Using Git from the command line?

You need to create a Personal Access Token (PAT):

  1. Settings → Developer settings → Personal access tokens → Tokens (classic)
  2. Generate new token (classic)
  3. Select scopes (e.g., repo, workflow)
  4. Generate token
  5. Copy the token (you won’t see it again!)
  6. Use the token instead of your password when doing git push/pull

    # When prompted for a password, paste the PAT
    git clone https://github.com/username/repo.git
    Username: your-username
    Password: <your Personal Access Token>

Lost Your Device? Account Recovery

Option 1: Recovery codes

  1. Go to GitHub login
  2. Enter your username and password
  3. GitHub will ask for 2FA
  4. Click Use a recovery code
  5. Enter one of your 16 codes

Option 2: SMS code (if set up)

  1. On the 2FA page click Text me a code
  2. Receive the SMS
  3. Enter the code

Option 3: Contact support

If you’ve lost everything:
- GitHub Support: https://support.github.com
- You’ll need to prove ownership of the account
- The process may take several days

Best Practices

- Use an Authenticator app, not SMS
- Save recovery codes in multiple places
- Set up a backup method (SMS or a second Authenticator)
- Use a PAT for Git operations from the terminal
- Enable 2FA immediately after registration

Don’t:
- Don’t store recovery codes in the same place as your Authenticator
- Don’t use SMS only (easy to intercept)
- Don’t skip 2FA — it’s the foundation of account security

Enable 2FA right now — it takes 5 minutes! 🔒
