Skip to main content

Securing your account with two-factor authentication (2FA)

You can set up your account on to require an authentication code in addition to your password when you sign in.

Note: Starting in March 2023 and through the end of 2023, GitHub will gradually begin to require all users who contribute code on to enable one or more forms of two-factor authentication (2FA). If you are in an eligible group, you will receive a notification email when that group is selected for enrollment, marking the beginning of a 45-day 2FA enrollment period, and you will see banners asking you to enroll in 2FA on If you don't receive a notification, then you are not part of a group required to enable 2FA, though we strongly recommend it.

For more information about the 2FA enrollment rollout, see this blog post.

About two-factor authentication

Two-factor authentication (2FA) is an extra layer of security used when logging into websites or apps. With 2FA, you have to log in with your username and password and provide another form of authentication that only you know or have access to.

Configuring two-factor authentication

You can choose among multiple options to add a second source of authentication to your account.

Configuring two-factor authentication recovery methods

You can set up a variety of recovery methods to access your account if you lose your two-factor authentication credentials.

Accessing GitHub using two-factor authentication

With 2FA enabled, you'll be asked to provide your 2FA authentication code, as well as your password, when you sign in to GitHub Enterprise Cloud.

Recovering your account if you lose your 2FA credentials

If you lose access to your two-factor authentication credentials, you can use your recovery codes, or another recovery option, to regain access to your account.

Changing your two-factor authentication method

You can change two-factor authentication (2FA) method without disabling 2FA entirely.

About mandatory two-factor authentication

Enable mandatory two-factor authentication to secure your account and maintain access to

Countries where SMS authentication is supported

Because of delivery success rates, GitHub Enterprise Cloud only supports two-factor authentication via SMS for certain countries.

Disabling two-factor authentication for your personal account

If you disable two-factor authentication for your personal account, you may lose access to organizations you belong to.