Accessing GitHub using two-factor authentication
With 2FA enabled, you'll be asked to provide your 2FA authentication code, as well as your password, when you sign in or authenticate to GitHub Enterprise.
With two-factor authentication enabled, you'll need to provide an authentication code when accessing GitHub Enterprise through the website, via the API, or via GitHub Desktop. If you access GitHub Enterprise using other methods, you'll need to provide an alternative second form of authentication.
In this guide
- Using two-factor authentication with the API
- Using two-factor authentication with GitHub Desktop
- Using two-factor authentication to access a repository using Subversion
Providing a 2FA code when signing in to the website
After you sign in to GitHub Enterprise using your password, you'll be prompted to provide an authentication code from your TOTP app.
GitHub Enterprise will only ask you to provide your 2FA authentication code again if you've logged out, are using a new device, or your session expires.
Tip: If you're providing a recovery code instead of an authentication code, make sure you do not enter your recovery code in the authentication code field. For more information, see "Recovering your account if you lose your 2FA credentials."
Generating a code through a TOTP application
If you chose to set up two-factor authentication using a TOTP application on your smartphone, you can generate an authentication code for GitHub Enterprise at any time. In most cases, just launching the application will generate a new code. You should refer to your application's documentation for specific instructions.
If you delete the mobile application after configuring two-factor authentication, you'll need to provide your recovery code to get access to your account. For more information, see "Recovering your account if you lose your two-factor authentication credentials"
Using a FIDO U2F compatible security key
If you set up two-factor authentication via a security key, you can authenticate to GitHub Enterprise on your computer or compatible Android phone with Near Field Communication (NFC) support instead of using codes generated by a TOTP application . For specific instructions for authenticating with a security key, see the documentation for your device.
- In the Chrome browser on your Android phone, navigate to [hostname].
- Tap > Sign in.
- Enter your username and password, then click Sign in.
- When you see the Google Authenticator page, touch your U2F device to the back of the phone. It will authenticate and sign you into your account.
Using two-factor authentication with the API
With 2FA enabled, you'll need to pass along a special header containing your 2FA authentication code. For more information, see "Other authentication methods" in the GitHub Developer documentation.
Using two-factor authentication with GitHub Desktop
For information on accessing GitHub Desktop with two-factor authentication, see "Authenticating to GitHub" in the GitHub Desktop documentation.
Using two-factor authentication with the command line
After you've enabled 2FA, you must use a personal access token or SSH key instead of your password when accessing GitHub Enterprise on the command line.
Authenticating on the command line using HTTPS
After you've enabled 2FA, you must create a personal access token to use as a password when authenticating to GitHub Enterprise on the command line using HTTPS URLs.
When prompted for a username and password on the command line, use your GitHub Enterprise username and personal access token. The command line prompt won't specify that you should enter your personal access token when it asks for your password.
For more information, see "Creating a personal access token for the command line."
Authenticating on the command line using SSH
Enabling 2FA doesn't change how you authenticate to GitHub Enterprise on the command line using SSH URLs. For more information about setting up and using an SSH key, see "Connecting to GitHub with SSH."
Using two-factor authentication to access a repository using Subversion
When you access a repository via Subversion, you must provide a personal access token instead of entering your password. For more information, see "Creating a personal access token for the command line."
If you lose access to your two-factor authentication credentials, you can use your recovery codes or another recovery method (if you've set one up) to regain access to your account. For more information, see "Recovering your account if you lose your 2FA credentials."
If your authentication fails several times, you may wish to synchronize your phone's clock with your mobile provider. Often, this involves checking the "Set automatically" option on your phone's clock, rather than providing your own time zone.