You can set up your GitHub Enterprise account to require an authentication code in addition to your password when you sign in.

About Two-Factor Authentication

Two-factor authentication, or 2FA, is a way of logging into websites that requires more than just a password. Using a password to log into a website is susceptible to security threats, because it represents a single piece of information a malicious person needs to acquire. The added security that 2FA provides is requiring additional information to sign in.

Configuring two-factor authentication via a TOTP mobile app

A Time-based One-Time Password (TOTP) application automatically generates an authentication code that changes after a certain period of time.

Configuring two-factor authentication via FIDO U2F

After you configure 2FA via a TOTP mobile app, you can add a security key that supports the FIDO U2F standard to use for two-factor authentication on GitHub Enterprise.

Downloading your two-factor authentication recovery codes

After successfully setting up two-factor authentication via a TOTP mobile application , the Two-factor recovery codes (https://[hostname]/settings/auth/recovery-codes) page lists your valid recovery codes. We strongly recommend saving your recovery codes in a safe place, like a password manager. If you're unable to save them immediately, you can download them at any point after enabling two-factor authentication.

Providing your 2FA authentication code

With 2FA enabled, you'll be asked to provide your 2FA authentication code, as well as your password, when you access GitHub Enterprise.

Authenticating to GitHub using FIDO U2F via NFC

On your Android phone, you can use a FIDO U2F compatible security key and Google Authenticator to securely sign into your GitHub account with Near Field Communication (NFC).

Recovering your account if you lost your 2FA credentials

Having access to your recovery codes in a secure place will get you back into your account.

Disabling two-factor authentication for your personal account

If you disable two-factor authentication for your personal account, you may lose access to organizations you belong to.