Setup 2FA for GitHub Using Microsoft Authenticator App
Two-factor authentication (2FA) on GitHub requires both your password and a one-time code generated by an app on your mobile device to sign in. Set up 2FA with a time-based one-time password (TOTP) application such as Microsoft Authenticator rather than SMS: SMS codes travel over the phone network and can be intercepted or redirected through SIM swapping, while TOTP codes are computed on the device from a shared secret and the current time, rotate every 30 seconds, and work without any network connection.
Steps to Enable 2FA on GitHub using TOTP:
Download a TOTP app: If you haven’t already, install the Microsoft Authenticator App on your mobile device.
Navigate to Settings: On GitHub, click your profile photo at the upper-right corner, and then select Settings.
Access Two-Factor Settings: In the sidebar's Access section, choose Password and authentication. Click Enable two-factor authentication in the "Two-factor authentication" section.
Setup Authenticator App: Under "Setup authenticator app":
- Scan the displayed QR code using your Authenticator App. The app will then display a six-digit code.
- If scanning isn't possible, click enter this text code to reveal the setup key (a base32 string), which you can type into your Authenticator App by hand. Treat this key and the QR code as secrets: anyone who captures either can generate your codes.
Verify the Code: Your Authenticator App now stores your GitHub.com account and produces a new six-digit code every 30 seconds. Enter the current code on GitHub in the "Verify the code from the app" field.
Backup with Recovery Codes: Click Download under "Save your recovery codes" to save the codes to your device. Each recovery code works once, and they are what gets you back into your account if you lose the phone holding the authenticator, so store them somewhere separate from that phone (a password manager or a printed copy), never in a repository.
Finalize Setup: After storing your recovery codes safely, click I have saved my recovery codes to officially activate 2FA for your account.
Info: For 28 days after 2FA setup you're in a check-up period. Complete a successful 2FA sign-in within those 28 days; otherwise you'll be prompted to do so on the 28th day. If that check fails, use the shortcut GitHub provides to adjust your 2FA settings and keep access to GitHub.com.
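What Microsoft Authenticator computes from the scanned secret, as an added Go example that is not part of the original page and not GitHub's or Microsoft's code: an RFC 6238 TOTP generator plus the server-side check with a one-window tolerance for clock drift. The secret is the RFC 4226/6238 test key, constructed for this example so the output can be checked against the published test vectors (code 287082 at Unix time 59); a real GitHub setup key is a different base32 string.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/base32"
	"encoding/binary"
	"fmt"
	"strings"
	"time"
)

// Constructed example secret: the RFC 4226/6238 test key "12345678901234567890"
// encoded in base32, the form a TOTP app shows as its "text code". It exists
// only so the output is checkable against the RFC test vectors.
const exampleSecret = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

// Seconds per code window, as used by GitHub and Microsoft Authenticator.
const timeStep = 30

// decodeSecret accepts the base32 secret the way an app shows it: any case,
// optional spaces, with or without trailing '=' padding.
func decodeSecret(s string) ([]byte, error) {
	s = strings.ToUpper(strings.ReplaceAll(s, " ", ""))
	s = strings.TrimRight(s, "=")
	return base32.StdEncoding.WithPadding(base32.NoPadding).DecodeString(s)
}

// hotp implements RFC 4226: HMAC-SHA1 over the big-endian counter,
// dynamic truncation, then the low six decimal digits.
func hotp(key []byte, counter uint64) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, key)
	mac.Write(msg[:])
	h := mac.Sum(nil)
	offset := h[len(h)-1] & 0x0f
	code := binary.BigEndian.Uint32(h[offset:offset+4]) & 0x7fffffff
	return fmt.Sprintf("%06d", code%1000000)
}

// totpAt returns the code valid at the given Unix time (RFC 6238: the HOTP
// counter is the number of 30-second windows since the epoch).
func totpAt(secret string, unix int64) (string, error) {
	key, err := decodeSecret(secret)
	if err != nil {
		return "", err
	}
	return hotp(key, uint64(unix/timeStep)), nil
}

// verifyTOTP checks a submitted code the way a server would: against the
// current window and one window either side, to absorb clock drift between
// phone and server. The comparison is constant-time so response timing does
// not leak how many digits matched.
func verifyTOTP(secret, submitted string, unix int64) bool {
	key, err := decodeSecret(secret)
	if err != nil {
		return false
	}
	counter := unix / timeStep
	for _, c := range []int64{counter - 1, counter, counter + 1} {
		if c < 0 {
			continue
		}
		if hmac.Equal([]byte(hotp(key, uint64(c))), []byte(submitted)) {
			return true
		}
	}
	return false
}

func main() {
	now := time.Now().Unix()
	code, err := totpAt(exampleSecret, now)
	if err != nil {
		panic(err)
	}
	fmt.Printf("current code %s, valid for another %d seconds\n", code, timeStep-now%timeStep)
}
```

The code depends on nothing but the secret and the clock: no message is sent to the phone, which is why SMS interception does not apply, and also why a screenshot of the QR code or the text key is as good as the phone itself to an attacker. The three-window tolerance is the usual server-side compromise; a wider window makes a leaked or guessed code useful for longer.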
Setup Passkey for YubiKey
GitHub passkeys give you a passwordless sign-in on GitHub.com. When 2FA is enabled, a passkey satisfies both the password and the second factor, so you are signed in in a single step.
Unlike a security key registered only as a second factor, a passkey also verifies the user on the authenticator itself, with "something you know" (a PIN) or "something you are" (a fingerprint). Signing in with a passkey triggers that check on your device, on a YubiKey the PIN or, on a YubiKey Bio, the fingerprint sensor, which unlocks a private key that signs a challenge from GitHub; GitHub checks the signature against the public key it stored when the passkey was added. The private key never leaves the YubiKey. One caveat: YubiKey passkeys are device-bound. A synced passkey from a platform provider becomes usable on every device signed in to that provider, but a YubiKey passkey works only with that physical key, so register a second key or keep another 2FA method as a backup.
How to Add a Passkey to Your GitHub Account:
Access Settings: Click your profile photo on the upper-right corner of any GitHub page and select Settings.
Navigate to Authentication: In the sidebar's Access section, choose Password and authentication.
Initiate Passkey Setup: Under "Passkeys", select Add a passkey. Authenticate if prompted using your password or another existing method.
Configure Authentication: Under "Configure passwordless authentication", click Add passkey and follow your browser's prompts: choose the security key option, insert the YubiKey, enter its PIN when asked, and touch the key.
Confirmation: After successfully registering your passkey, you'll see a confirmation page. Click Done.
Signing In Using a Passkey
- Visit the Login Page: Go to GitHub's login page.
- Choose Passkey Sign-In: Click Sign in with a passkey.
- Authenticate: Follow your browser's prompts: insert the YubiKey, enter its PIN (or place your finger on the sensor of a YubiKey Bio), and touch the key's gold contact when it blinks.
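The passkey exchange described in this section, as an added Go example that is not part of the original page and not GitHub's or Yubico's code: a simulated authenticator standing in for the YubiKey (a software P-256 key and a signature counter) answers a sign-in challenge, and a relying party verifies the assertion with the WebAuthn checks that matter here, including the user-verification flag that distinguishes a passkey from a touch-only second factor. The RP ID github.com and origin https://github.com are assumed for the example, the challenge is treated as an opaque string, and the registration (attestation) ceremony is left out.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/json"
	"errors"
)

// Relying-party parameters assumed for this example.
const (
	rpID   = "github.com"
	origin = "https://github.com"
	flagUP = 0x01 // authenticator-data flag: user present (key was touched)
	flagUV = 0x04 // authenticator-data flag: user verified (PIN or fingerprint checked on the key)
)

// clientData mirrors the CollectedClientData the browser builds and hashes.
type clientData struct {
	Type      string `json:"type"`
	Challenge string `json:"challenge"`
	Origin    string `json:"origin"`
}

// assertion is what the browser hands back from navigator.credentials.get().
type assertion struct {
	AuthData       []byte
	ClientDataJSON []byte
	Signature      []byte // ECDSA P-256 over SHA-256, ASN.1 DER encoded
}

// authenticator stands in for the YubiKey: a private key that never leaves
// the device plus a signature counter. A real key does this in hardware.
type authenticator struct {
	priv      *ecdsa.PrivateKey
	signCount uint32
}

func newAuthenticator() (*authenticator, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &authenticator{priv: priv}, nil
}

// signedMessage is the byte string both sides sign and verify:
// authenticatorData || SHA-256(clientDataJSON), hashed once more for ECDSA.
func signedMessage(authData, clientDataJSON []byte) []byte {
	cdHash := sha256.Sum256(clientDataJSON)
	msg := sha256.Sum256(append(append([]byte{}, authData...), cdHash[:]...))
	return msg[:]
}

// assert answers a sign-in challenge. userVerified reports whether the PIN or
// fingerprint check on the key succeeded; a touch-only key leaves it false.
func (a *authenticator) assert(challenge string, userVerified bool) (assertion, error) {
	rpHash := sha256.Sum256([]byte(rpID))
	flags := byte(flagUP)
	if userVerified {
		flags |= flagUV
	}
	a.signCount++
	var counter [4]byte
	binary.BigEndian.PutUint32(counter[:], a.signCount)
	authData := append(append(append([]byte{}, rpHash[:]...), flags), counter[:]...)
	cdJSON, err := json.Marshal(clientData{Type: "webauthn.get", Challenge: challenge, Origin: origin})
	if err != nil {
		return assertion{}, err
	}
	sig, err := ecdsa.SignASN1(rand.Reader, a.priv, signedMessage(authData, cdJSON))
	return assertion{AuthData: authData, ClientDataJSON: cdJSON, Signature: sig}, err
}

// credential is the relying party's record of a registered passkey.
type credential struct {
	pub       *ecdsa.PublicKey
	signCount uint32 // last counter seen; a non-increasing value suggests a cloned key
}

// verify runs the relying-party checks for an authentication assertion.
func (c *credential) verify(a assertion, expectedChallenge string) error {
	if len(a.AuthData) < 37 {
		return errors.New("authenticator data too short")
	}
	rpHash := sha256.Sum256([]byte(rpID))
	if !bytes.Equal(a.AuthData[:32], rpHash[:]) {
		return errors.New("rpIdHash does not match " + rpID)
	}
	flags := a.AuthData[32]
	if flags&flagUP == 0 {
		return errors.New("user presence flag not set")
	}
	if flags&flagUV == 0 {
		return errors.New("passkey sign-in requires user verification (PIN or biometric)")
	}
	var cd clientData
	if err := json.Unmarshal(a.ClientDataJSON, &cd); err != nil {
		return err
	}
	if cd.Type != "webauthn.get" || cd.Origin != origin {
		return errors.New("unexpected client data type or origin")
	}
	if cd.Challenge != expectedChallenge {
		return errors.New("challenge mismatch (replayed or cross-session response)")
	}
	if !ecdsa.VerifyASN1(c.pub, signedMessage(a.AuthData, a.ClientDataJSON), a.Signature) {
		return errors.New("signature does not verify under the registered public key")
	}
	count := binary.BigEndian.Uint32(a.AuthData[33:37])
	if count != 0 && count <= c.signCount {
		return errors.New("signature counter did not increase: possible cloned authenticator")
	}
	c.signCount = count
	return nil
}
```

The rpIdHash and origin checks are what make the credential phishing-resistant: a look-alike domain produces a different hash and origin, so an assertion obtained there fails here. The UV flag check is the single line that turns a second-factor security key into a passkey, which is why the sign-in flow asks for the YubiKey PIN or fingerprint rather than just a touch. The counter check is a clone detector, not a replay protection on its own; the fresh per-session challenge is what stops replays.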