Securing your account with two-factor authentication (2FA)

You can set up your account on GitHub to require an authentication code in addition to your password when you sign in.

Note

As of March 2023, GitHub required all users who contribute code on GitHub.com to enable one or more forms of two-factor authentication (2FA). If you were in an eligible group, you would have received a notification email when that group was selected for enrollment, marking the beginning of a 45-day 2FA enrollment period, and you would have seen banners asking you to enroll in 2FA on GitHub.com. If you didn't receive a notification, then you were not part of a group required to enable 2FA, though we strongly recommend it.

For more information about the 2FA enrollment rollout, see this blog post.

About two-factor authentication

Two-factor authentication (2FA) is an extra layer of security used when logging into websites or apps. With 2FA, you have to log in with your username and password and provide another form of authentication that only you know or have access to.

Configuring two-factor authentication

You can choose among multiple options to add a second source of authentication to your account.

Configuring two-factor authentication recovery methods

You can set up a variety of recovery methods to access your account if you lose your two-factor authentication credentials.

Accessing GitHub using two-factor authentication

With 2FA enabled, you'll be asked to provide your 2FA authentication code, as well as your password, when you sign in to GitHub Enterprise Cloud.

Recovering your account if you lose your 2FA credentials

If you lose access to your two-factor authentication credentials, you can use your recovery codes, or another recovery option, to regain access to your account.

Changing your two-factor authentication method

You can change two-factor authentication (2FA) method without disabling 2FA entirely.

About mandatory two-factor authentication

Enable mandatory two-factor authentication to secure your account and maintain access to GitHub.com.

Countries where SMS authentication is supported

Because of delivery success rates, GitHub Enterprise Cloud only supports two-factor authentication via SMS for certain countries.

Disabling two-factor authentication for your personal account

If you disable two-factor authentication for your personal account, you may lose access to organizations you belong to.