Two-factor authentication, or 2FA, is a way of logging into websites that requires more than just a password. Using a password to log into a website is susceptible to security threats, because it represents a single piece of information a malicious person needs to acquire. The added security that 2FA provides is requiring additional information to sign in.
In GitHub Enterprise's case, this additional information is an authentication code delivered to your cell phone that's generated by an application on your smartphone. After 2FA is enabled, GitHub generates an authentication code that is sent to your phone any time someone attempts to sign into your GitHub account. The only way someone can sign into your account is if they know both your password and have access to the authentication code on your phone.
We strongly urge you to turn on 2FA for the safety of your account, not only on GitHub Enterprise, but on other websites that support it. You can use 2FA to access GitHub Enterprise via:
- The GitHub Enterprise website
- The GitHub API
- GitHub Desktop
A Time-based One-Time Password (TOTP) application automatically generates an authentication code that changes after a certain period of time. We strongly recommend using a TOTP application to configure 2FA. TOTP applications are more reliable than SMS, especially for locations outside the US.
After successfully setting up two-factor authentication via a TOTP mobile application , you'll be provided a set of randomly generated recovery codes that you can view and save. We strongly recommend saving your recovery codes immediately. If you don't, though, you can download them at any point after enabling two-factor authentication.
With 2FA enabled, you'll be asked to provide your 2FA authentication code, as well as your password, when you access GitHub Enterprise.
Having access to your recovery codes in a secure place will get you back into your account.