Recovering your account if you lose your 2FA credentials

Using a two-factor authentication recovery code

Use one of your recovery codes to automatically regain entry into your account. You may have saved your recovery codes to a password manager or your computer's downloads folder. The default filename for recovery codes is github-recovery-codes.txt. For more information about recovery codes, see "Configuring two-factor authentication recovery methods."

1. Type your username and password to prompt authentication.

   Warning: If you protect your personal account with two-factor authentication but do not know your password, you will not be able to follow these steps to recover your account. GitHub can send a password reset email to a verified address associated with your account. For more information, see "Updating your GitHub access credentials."

2. Under "Having problems?", click Use a recovery code or request a reset.

   

3. Type one of your recovery codes, then click Verify.

   

Authenticating with a fallback number

If you lose access to your primary TOTP app or phone number, you can provide a two-factor authentication code sent to your fallback number to automatically regain access to your account.

Authenticating with a security key

If you configured two-factor authentication using a security key, you can use your security key as a secondary authentication method to automatically regain access to your account. For more information, see "Configuring two-factor authentication."

Authenticating with a verified device, SSH token, or personal access token

If you know your password for GitHub.com but don't have the two-factor authentication credentials or your two-factor authentication recovery codes, you can have a one-time password sent to your verified email address to begin the verification process and regain access to your account.

You can use your two-factor authentication credentials or two-factor authentication recovery codes to regain access to your account anytime during the 3-5 day waiting period.

1. Type your username and password to prompt authentication.

   Warning: If you protect your personal account with two-factor authentication but do not know your password, you will not be able to follow these steps to recover your account. GitHub can send a password reset email to a verified address associated with your account. For more information, see "Updating your GitHub access credentials."

2. Under "Having problems?", click Use a recovery code or request a reset.

   

3. To the right of "Locked out?", click Try recovering your account.

   

4. Click I understand, get started to request a reset of your authentication settings.

   

5. Click Send one-time password to send a one-time password to all eligible addresses associated with your account. Only verified emails are eligible for account recovery. If you've restricted password resets to your primary and/or backup addresses, these addresses are the only addresses eligible for account recovery.

   

6. Under "One-time password", type the temporary password from the recovery email GitHub sent.

   

7. Click Verify email address.

   

8. Choose an alternative verification factor.

   • If you've used your current device to log into this account before and would like to use the device for verification, click Verify with this device.
   • If you've previously set up an SSH key on this account and would like to use the SSH key for verification, click SSH key.
   • If you've previously set up a personal access token and would like to use the personal access token for verification, click Personal access token.

   

9. A member of GitHub Support will review your request and email you within three business days. If your request is approved, you'll receive a link to complete your account recovery process. If your request is denied, the email will include a way to contact support with any additional questions.