In addition to securely storing your two-factor authentication recovery codes, we strongly recommend configuring one or more additional recovery methods.
Downloading your two-factor authentication recovery codes
When you configure two-factor authentication, you'll download and save your 2FA recovery codes. If you lose access to your phone, you can authenticate to GitHub Enterprise Cloud using your recovery codes. You can also download your recovery codes at any point after enabling two-factor authentication.
To keep your account secure, don't share or distribute your recovery codes. We recommend saving them with a secure password manager, such as:
If you generate new recovery codes or disable and re-enable 2FA, the recovery codes in your security settings automatically update.
- In the upper-right corner of any page, click your profile photo, then click Settings.
- In the left sidebar, click Account security.
- Next to "Recovery codes," click Show.
- Save your recovery codes in a safe place. Your recovery codes can help you get back into your account if you lose access.
- To save your recovery codes on your device, click Download.
- To save a hard copy of your recovery codes, click Print.
- To copy your recovery codes for storage in a password manager, click Copy.
Generating a new set of recovery codes
Once you use a recovery code to regain access to your account, it cannot be reused. If you've used all 16 recovery codes, you can generate another list of codes. Generating a new set of recovery codes will invalidate any codes you previously generated.
- In the upper-right corner of any page, click your profile photo, then click Settings.
- In the left sidebar, click Account security.
- Next to "Recovery codes," click Show.
- To create another batch of recovery codes, click Generate new recovery codes.
Configuring a security key as an additional two-factor authentication method
You can set up a security key as a secondary two-factor authentication method, and use the security key to regain access to your account. For more information, see "Configuring two-factor authentication."
Setting a fallback authentication number
You can provide a second number for a fallback device. If you lose access to both your primary device and your recovery codes, a backup SMS number can get you back in to your account.
You can use a fallback number regardless of whether you've configured authentication via text message or TOTP mobile application.
Warning: Using a fallback number is a last resort. We recommend configuring additional recovery methods if you set a fallback authentication number.
- Bad actors may attack cell phone carriers, so SMS authentication is risky.
- SMS messages are only supported for certain countries outside the US; for the list, see "Countries where SMS authentication is supported".
- In the upper-right corner of any page, click your profile photo, then click Settings.
- In the left sidebar, click Account security.
- Next to "Fallback SMS number", click Add.
- Under "Fallback SMS number", click Add fallback SMS number.
- Select your country code and type your mobile phone number, including the area code. When your information is correct, click Set fallback.
After setup, the backup device will receive a confirmation SMS.