Two-factor authentication (2FA) is an extra layer of security used when logging into websites or apps. In addition to your username and password, it requires a second form of authentication that only you have access to.
By the end of 2023, 2FA will be mandatory for all GitHub accounts - both on web and mobile (iOS and Android). Let’s get a head start on the process by enabling at least 1 form of 2FA on our GitHub accounts.
In your account, you have the option to choose one of the following methods for 2FA:
- Authenticator App (TOTP app)
- Text/SMS Authentication
- GitHub Mobile App
- Security Codes
I strongly recommend using an authenticator app, such as Microsoft Authenticator or Authy, to configure 2FA for your account, as they are more reliable than SMS/text message based authentication.
Let's walk through configuring 2FA on web and mobile using an authenticator app.
Configuring 2FA on the Web
To enable 2FA on GitHub's web app, follow these steps:
Download an authenticator app. I'm using Microsoft Authenticator.
You will then see an option to enable 2FA. Click the green button, "Enable two-factor authentication".
This will take you to a page to set up your authenticator app. Use the authenticator app you downloaded to scan the QR code on the screen.
Once you scan the QR code with the app, enter the generated code in the highlighted text box and click Continue.
The next screen will ask you to download your recovery codes. Click the green download button and save these codes in a password manager - I love Bitwarden.
After you've downloaded and saved your codes, click the green button "I have saved my recovery codes" to confirm your download and complete enabling 2FA on your account.
And you're done! You've successfully enabled 2FA on your account.
You can add a backup 2FA method for your account, just in case, using a security code (such as Touch ID on a Mac or a YubiKey) or the GitHub mobile app.
Configuring 2FA on Mobile
Getting 2FA enabled on your mobile device is very similar to what we just did on the web app. I'll be using an Android device.
Go to the Play Store on Android or the App Store on iOS, search for the GitHub Mobile app, and install it.
Once installed, you'll be prompted to sign into your account with your username and password.
Since we just enabled 2FA for our account on the web app, we'll be prompted to enter the authentication code from the authenticator app we previously downloaded. Enter the code and click Verify.
Once verified, you'll be prompted to authorize the GitHub mobile app with your GitHub account. Select Authorize github to continue.
Once authorized, you'll be rerouted to the Home screen on mobile.
Wrapup
And that's it! You've successfully enabled 2FA on GitHub web and mobile. Now your GitHub account is more secure. 🔐
If you ever lose access to your 2FA credentials, you can use your recovery codes to gain access to your GitHub account. Learn how to use your recovery codes by reading the GitHub docs on Recovering your account if you lose your 2FA credentials. You can also learn more about 2FA by reading the docs on GitHub.