Skip to main content

This version of GitHub Enterprise Server was discontinued on 2024-09-25. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise Server. For help with the upgrade, contact GitHub Enterprise support.

Changing your two-factor authentication method

You can change two-factor authentication (2FA) method without disabling 2FA entirely.

You can reconfigure your two-factor authentication (2FA) settings or add new 2FA methods without disabling 2FA entirely, allowing you to keep both your recovery codes and your membership in organizations that require 2FA.

Changing an existing two-factor authentication method

You can change the time-based one-time password (TOTP) application you use to generate authentication codes.

  1. In the upper-right corner of any page on GitHub, click your profile photo, then click Settings.

  2. In the "Access" section of the sidebar, click Password and authentication.

  3. In "Two-factor methods", find the method you want to modify. Next to that method, click Edit. If you have multiple methods configured, select , then click Edit.

    Screenshot of the "Two-factor methods" settings. To the right of "Authenticator app," a dropdown menu, labeled with a kebab icon, is expanded and outlined in orange.

  4. Under "Scan the QR code", do one of the following:

    • Scan the QR code with your mobile device's app. After scanning, the app displays a six-digit code that you can enter on GitHub Enterprise Server.
    • If you can't scan the QR code, click setup key to see a code, the TOTP secret, that you can manually enter in your TOTP app instead.

    Screenshot of the "Setup authenticator app" section of the 2FA settings. A link, labeled "setup key", is highlighted in orange.

  5. The TOTP application saves your account on your GitHub Enterprise Server instance and generates a new authentication code every few seconds. On GitHub Enterprise Server, type the code into the field under "Verify the code from the app."

  6. Click Save to save the method to your GitHub account.

Warning

Changes to an existing 2FA method will only take effect after you have provided a valid code from the new method and clicked Save. Only replace the existing 2FA method on your device (e.g. the GitHub entry in your TOTP app) after your new method is saved to your GitHub account completely.

If you are unable to scan the setup QR code or wish to setup a TOTP app manually and require the parameters encoded in the QR code, they are:

  • Type: TOTP
  • Label: GitHub:<username> where <username> is your handle on GitHub, for example monalisa
  • Secret: This is the encoded setup key, shown if you click "Setup key" during configuration
  • Issuer: GitHub
  • Algorithm: The default of SHA1 is used
  • Digits: The default of 6 is used
  • Period: The default of 30 (seconds) is used

Adding additional two-factor authentication methods

We recommend adding more than one 2FA method to your account. This ensures that you can still sign in to your account, even if you lose one of your methods.

In addition to adding multiple 2FA methods, we strongly recommend setting up multiple recovery methods to avoid losing access to your account. For more information, see Configuring two-factor authentication recovery methods.

  1. In the upper-right corner of any page on GitHub, click your profile photo, then click Settings.

  2. In the "Access" section of the sidebar, click Password and authentication.

  3. In "Two-factor methods", find the method you want to add. Next to that method, click Add.

    Screenshot of the "Two-factor methods" settings. To the right of "SMS/Text message," a button labelled "Add" is outlined in orange.

  4. Under "Scan the QR code", do one of the following:

    • Scan the QR code with your mobile device's app. After scanning, the app displays a six-digit code that you can enter on GitHub Enterprise Server.
    • If you can't scan the QR code, click setup key to see a code, the TOTP secret, that you can manually enter in your TOTP app instead.

    Screenshot of the "Setup authenticator app" section of the 2FA settings. A link, labeled "setup key", is highlighted in orange.

  5. The TOTP application saves your account on your GitHub Enterprise Server instance and generates a new authentication code every few seconds. On GitHub Enterprise Server, type the code into the field under "Verify the code from the app."

  6. Click Save to save the method to your GitHub account. If you are unable to scan the setup QR code or wish to setup a TOTP app manually and require the parameters encoded in the QR code, they are:

  • Type: TOTP
  • Label: GitHub:<username> where <username> is your handle on GitHub, for example monalisa
  • Secret: This is the encoded setup key, shown if you click "Setup key" during configuration
  • Issuer: GitHub
  • Algorithm: The default of SHA1 is used
  • Digits: The default of 6 is used
  • Period: The default of 30 (seconds) is used

Setting a preferred two-factor authentication method

If you have multiple 2FA methods, you can choose a preferred method that will be shown first when you are asked to authenticate with 2FA.

  1. In the upper-right corner of any page on GitHub, click your profile photo, then click Settings.
  2. In the "Access" section of the sidebar, click Password and authentication.
  3. Under "Two-factor authentication" in "Preferred 2FA method", select your preferred 2FA method from the dropdown.

Further reading