After you configure 2FA via a TOTP mobile app, you can add a security key that supports the FIDO U2F standard to use for two-factor authentication on GitHub Enterprise.

Note: FIDO U2F authentication is currently only available for the Chrome browser.

Warning for users in organizations that require two-factor authentication:

  • If you're a member or outside collaborator to a private repository of an organization that requires two-factor authentication, you must leave the organization before you can disable 2FA on your GitHub Enterprise instance.
  • If you disable 2FA you will automatically lose access to the organization and any private forks you have of the organization's private repositories. To regain access to the organization and your forks, re-enable two-factor authentication and contact an organization owner.

  1. You must have already configured 2FA via a TOTP mobile app.
  2. Ensure that you have a FIDO U2F compatible security key inserted into your computer.
  3. In the upper-right corner of any page, click your profile photo, then click Settings.
  4. In the user settings sidebar, click Security.
  5. Under two-factor authentication, click Edit.
  6. Under Security keys, click Register new device.
  7. Type a nickname for the security key, then click Add.
  8. When prompted, touch your security key to have it authenticate against GitHub Enterprise.
  9. If you're authenticating to GitHub Enterprise on an Android phone, you can use your FIDO U2F compatible security key and Google Authenticator to sign in to your account with Near Field Communication (NFC).
  10. Confirm that you've downloaded and can access your recovery codes. If you haven't already, or if you'd like to generate another set of codes, download your codes and save them in a safe place. If you lose access to your account, you can use your recovery codes to get back into your account. For more information, see "Downloading your two-factor authentication recovery codes."
  11. After you've saved your recovery codes and enabled 2FA, we recommend you sign out and back in to your account. In case of problems, such as a forgotten password or typo in your email address, you can use recovery codes to access your account and correct the problem.
