title | intro | redirect_from | versions | topics | shortTitle
---|---|---|---|---|---
Accessing GitHub using two-factor authentication | With 2FA enabled, you'll be asked to provide your 2FA authentication code, as well as your password, when you sign in to {% data variables.product.github %}. | | | | Access GitHub with 2FA
{% ifversion 2fa-check-up-period %}
With two-factor authentication (2FA) enabled, you'll need to use a second factor when accessing {% data variables.product.github %} through your browser. When you first configure 2FA, your account will enter a check-up period for 28 days to ensure your account's 2FA methods are set up correctly. You can exit the check-up period by successfully performing 2FA within 28 days. If you don't authenticate within 28 days, you'll be asked to perform 2FA inside one of your existing {% data variables.product.github %} sessions. If you cannot perform 2FA to pass the 28th day checkup, use the provided shortcut to reconfigure your 2FA settings and retain access to {% data variables.product.github %}. For more information, see AUTOTITLE.
If you access {% data variables.product.github %} using other methods, such as the API or the command line, you'll authenticate using a token, application, or SSH key. For more information, see AUTOTITLE.
{% else %}
With two-factor authentication enabled, you'll need to provide an authentication code{% ifversion fpt or ghec %}, tap a notification in GitHub Mobile,{% endif %} or use a security key when accessing {% data variables.product.github %} through your browser. If you access {% data variables.product.github %} using other methods, such as the API or the command line, you'll need to use an alternative form of authentication. For more information, see AUTOTITLE.
{% endif %}
After you sign in to {% data variables.product.github %} using your password, you'll need to provide an authentication code{% ifversion fpt or ghec %}, tap a notification in {% data variables.product.prodname_mobile %},{% endif %} or use a security key to perform 2FA.
{% data variables.product.github %} will only ask you to provide your 2FA authentication code again if you've logged out, are using a new device, are performing a sensitive action, or your session expires. For more information on 2FA for sensitive actions, see AUTOTITLE.
If you chose to set up two-factor authentication using a TOTP application, you can generate an authentication code for {% data variables.product.github %} at any time. In most cases, just launching the application will generate a new code. You should refer to your application's documentation for specific instructions.
If you delete your authenticator application after configuring two-factor authentication, you'll need to provide your recovery code to get access to your account. Many TOTP apps support the secure backup of your authentication codes in the cloud, which can be restored if you lose access to your device. For more information, see AUTOTITLE.
If you've set up a security key on your account, and your browser supports security keys, you can use it to complete your sign in.
- Using your username and password, sign in to {% data variables.product.github %} through your browser.
- If you use a physical security key, ensure it's connected to your device.
- To trigger the security key prompt from your operating system, select "Use security key."
- Select the appropriate option in the prompt. Depending on your security key configuration, you may type a PIN, complete a biometric prompt, or use a physical security key.
{% ifversion passkeys %}
If you have enabled 2FA, and you have added a passkey to your account, you can use the passkey to sign in. Since passkeys satisfy both password and 2FA requirements, you can complete your sign in with a single step. See AUTOTITLE.
{% endif %}
{% ifversion fpt or ghec %}
If you set up two-factor authentication via text messages, {% data variables.product.github %} will send you a text message with your authentication code.
If you have installed and signed in to {% data variables.product.prodname_mobile %}, you may choose to authenticate with {% data variables.product.prodname_mobile %} for two-factor authentication.
- Sign in to {% data variables.product.github %} with your browser, using your username and password.
- {% data variables.product.github %} will send you a push notification to verify your sign in attempt. Opening the push notification or opening the {% data variables.product.prodname_mobile %} app will display a prompt, asking you to approve or reject this sign in attempt.
  [!NOTE] This prompt may require you to enter a two-digit number displayed within the browser you are signing in to.
- Upon approving the login attempt using {% data variables.product.prodname_mobile %}, your browser will complete the sign in attempt automatically.
- Rejecting the sign in attempt will prevent the authentication from finishing. For more information, see AUTOTITLE.
{% endif %}
{% ifversion ghes %} After you've enabled 2FA, you will no longer use your password to access {% data variables.product.github %} on the command line. Instead, use Git Credential Manager, a {% data variables.product.pat_generic %}, or an SSH key. {% endif %}
Git Credential Manager is a secure Git credential helper that runs on Windows, macOS, and Linux. For more information about Git credential helpers, see Avoiding repetition in the Pro Git book.
Setup instructions vary based on your computer's operating system. For more information, see Download and install in the GitCredentialManager/git-credential-manager repository.
You must create a {% data variables.product.pat_generic %} to use as a password when authenticating to {% data variables.product.github %} on the command line using HTTPS URLs.
When prompted for a username and password on the command line, use your {% data variables.product.github %} username and {% data variables.product.pat_generic %}. The command line prompt won't specify that you should enter your {% data variables.product.pat_generic %} when it asks for your password.
For more information, see AUTOTITLE.
Enabling 2FA doesn't change how you authenticate to {% data variables.product.github %} on the command line using SSH URLs. For more information about setting up and using an SSH key, see AUTOTITLE.
{% ifversion ghes < 3.13 %}
{% data reusables.subversion.sunset %}
When you access a repository via Subversion, you must provide a {% data variables.product.pat_generic %} instead of entering your password. For more information, see AUTOTITLE. {% endif %}
If you lose access to your two-factor authentication credentials, you can use your recovery codes or another recovery method (if you've set one up) to regain access to your account. For more information, see AUTOTITLE.
{% ifversion fpt or ghec %}
Note
{% data reusables.two_fa.unlink-email-address %}
{% endif %}
If your authentication fails several times, you may wish to synchronize your phone's clock with your mobile provider. Often, this involves checking the "Set automatically" option on your phone's clock, rather than providing your own time zone.
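The TOTP codes and the clock advice above are linked: a code is derived from the shared secret and the current 30-second time step, so a phone whose clock has drifted computes a code for a step the server no longer accepts. The following is an added example, not GitHub's code. It implements RFC 6238 with HMAC-SHA1 and assumes a verifier tolerance of one step either side, which the page does not specify. The secret is the RFC 6238 test key and the server time is constructed.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds per time step (RFC 6238 default)
DIGITS = 6   # code length shown by common authenticator apps


def totp(secret_b32, unix_time):
    """Return the RFC 6238 TOTP code (HMAC-SHA1) for the given Unix time."""
    key = base64.b32decode(secret_b32.upper())
    counter = struct.pack(">Q", int(unix_time) // STEP)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret_b32, code, server_time, window=1):
    """Accept a code from the current step or `window` steps either side.

    The window size is an assumption for illustration; the page does not
    state what tolerance GitHub applies.
    """
    return any(
        hmac.compare_digest(code, totp(secret_b32, server_time + i * STEP))
        for i in range(-window, window + 1)
    )


def drift_outcomes(secret_b32, server_time, drifts):
    """Map each phone clock drift (seconds) to whether its code is accepted."""
    return {
        d: verify(secret_b32, totp(secret_b32, server_time + d), server_time)
        for d in drifts
    }


if __name__ == "__main__":
    SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"  # RFC 6238 test key, not a real secret
    now = 1_700_000_010  # constructed server time, start of a 30 s step
    for drift, ok in drift_outcomes(SECRET, now, [0, 25, -25, 70, -300]).items():
        print(f"phone clock drift {drift:+5d}s -> {'accepted' if ok else 'rejected'}")
```

Drift that stays within the tolerated steps still validates; anything beyond it fails every time until the clock is corrected, which is why repeated failures point to the clock rather than to a mistyped code.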