A Time-based One-Time Password (TOTP) application automatically generates an authentication code that changes after a certain period of time.

We strongly recommend using a TOTP application to configure 2FA. TOTP applications are more reliable than SMS, especially for locations outside the US.

Tip: To configure authentication via TOTP on multiple devices, during setup, scan the QR code using each device at the same time. If 2FA is already enabled and you want to add another device, you must re-configure 2FA from your security settings.

Warning for users in organizations that require two-factor authentication:

  • If you're a member, billing manager, or outside collaborator to a private repository of an organization that requires two-factor authentication, you must leave the organization before you can disable 2FA on GitHub.
  • If you disable 2FA you will automatically lose access to the organization and any private forks you have of the organization's private repositories. To regain access to the organization and your forks, re-enable two-factor authentication and contact an organization owner.

  1. Download one of these apps.
  2. In the upper-right corner of any page, click your profile photo, then click Settings.
  3. In the user settings sidebar, click Security.

  4. Under Two-factor authentication, click Set up two-factor authentication.

  5. On the Two-factor authentication page, click Set up using an app.

  6. Save your recovery codes in a safe place. Your recovery codes can help you get back into your account if you lose access.

    • To save your recovery codes on your device, click Download.
    • To save a hard copy of your recovery codes, click Print.
    • To copy your recovery codes for storage in a password manager, click Copy.
  7. After saving your two-factor recovery codes, click Next.

  8. On the Two-factor authentication page, do one of the following:

    • Scan the QR code with your mobile device's app. After scanning, the app will display a six-digit code that you can enter on GitHub.
    • If you can't use a barcode, click enter this text code to see a code you can copy and manually enter on GitHub instead. If you're using Microsoft Authenticator, you'll need to use this method.
  9. The TOTP mobile application will save your GitHub account and generate a new authentication code every few seconds. On GitHub, on the 2FA page, type the code and click Enable.

  10. After you've saved your recovery codes and enabled 2FA, we recommend you sign out and back in to your account. In case of problems, such as a forgotten password or typo in your email address, you can use recovery codes to access your account and correct the problem.
