Warnings:
- For security reasons, GitHub Support may not be able to restore access to accounts with two-factor authentication enabled if you lose your two-factor authentication credentials or lose access to your account recovery methods.
Using a two-factor authentication recovery code
Use one of your recovery codes to automatically regain entry into your account. You may have saved your recovery codes to a password manager or your computer's downloads folder. The default filename for recovery codes is github-recovery-codes.txt
. For more information about recovery codes, see "Configuring two-factor authentication recovery methods."
-
Type your username and password to prompt authentication.
Warning: If you protect your personal account with two-factor authentication but do not know your password, you will not be able to follow these steps to recover your account. GitHub can send a password reset email to a verified address associated with your account. For more information, see "Updating your GitHub access credentials."
-
Under "Having problems?", click Use a recovery code or request a reset.
-
Type one of your recovery codes, then click Verify.
Authenticating with a fallback number
If you lose access to your primary TOTP app or phone number, you can provide a two-factor authentication code sent to your fallback number to automatically regain access to your account.
Authenticating with a security key
If you configured two-factor authentication using a security key, you can use your security key as a secondary authentication method to automatically regain access to your account. For more information, see "Configuring two-factor authentication."
Authenticating with a verified device, SSH token, or personal access token
If you know your password for GitHub.com but don't have the two-factor authentication credentials or your two-factor authentication recovery codes, you can have a one-time password sent to your verified email address to begin the verification process and regain access to your account.
Note: For security reasons, regaining access to your account by authenticating with a one-time password can take up to three business days. GitHub will not review additional requests submitted during this time.
You can use your two-factor authentication credentials or two-factor authentication recovery codes to regain access to your account anytime during the 3-5 day waiting period.
-
Type your username and password to prompt authentication.
Warning: If you protect your personal account with two-factor authentication but do not know your password, you will not be able to follow these steps to recover your account. GitHub can send a password reset email to a verified address associated with your account. For more information, see "Updating your GitHub access credentials."
-
Under "Having problems?", click Use a recovery code or request a reset.
-
To the right of "Locked out?", click Try recovering your account.
-
Click I understand, get started to request a reset of your authentication settings.
-
Click Send one-time password to send a one-time password to all eligible addresses associated with your account. Only verified emails are eligible for account recovery. If you've restricted password resets to your primary and/or backup addresses, these addresses are the only addresses eligible for account recovery.
-
Under "One-time password", type the temporary password from the recovery email GitHub sent.
-
Click Verify email address.
-
Choose an alternative verification factor.
- If you've used your current device to log into this account before and would like to use the device for verification, click Verify with this device.
- If you've previously set up an SSH key on this account and would like to use the SSH key for verification, click SSH key.
- If you've previously set up a personal access token and would like to use the personal access token for verification, click Personal access token.
-
A member of GitHub Support will review your request and email you within three business days. If your request is approved, you'll receive a link to complete your account recovery process. If your request is denied, the email will include a way to contact support with any additional questions.