If you're unable to authenticate using a TOTP mobile app, you can authenticate using SMS messages. You can also provide a second number for a fallback device. If you lose access to both your primary device and your recovery codes, a backup SMS number can get you back in to your account.

Before using this method, be sure that you can receive text messages. Carrier rates may apply.

Warning for non-US Numbers: GitHub doesn't support sending SMS messages to every country. Before configuring authentication via text message, review our list of countries where GitHub supports authentication via SMS. We strongly recommend using a TOTP application for two-factor authentication instead of SMS.

Warning for users in organizations that require two-factor authentication:

  • If you're a member, billing manager, or outside collaborator to a private repository of an organization that requires two-factor authentication, you must leave the organization before you can disable 2FA on GitHub.
  • If you disable 2FA you will automatically lose access to the organization and any private forks you have of the organization's private repositories. To regain access to the organization and your forks, re-enable two-factor authentication and contact an organization owner.
  1. In the upper-right corner of any page, click your profile photo, then click Settings. Settings icon in the user bar
  2. In the user settings sidebar, click Security. Security settings sidebar

  3. Under Two-factor authentication, click Set up two-factor authentication. 2FA dialog box

  4. On the Two-factor authentication page, click Set up using SMS.

  5. Save your recovery codes in a safe place. Your recovery codes can help you get back into your account if you lose access.

    • To save your recovery codes on your device, click Download.
    • To save a hard copy of your recovery codes, click Print.
    • To copy your recovery codes for storage in a password manager, click Copy. List of recovery codes with option to download, print, or copy the codes
  6. After saving your two-factor recovery codes, click Next.

  7. Select your country code and type your mobile phone number, including the area code. When your information is correct, click Send authentication code. 2FA SMS screen

  8. You'll receive a text message with a security code. Type the code on the Two-factor authentication page, and click Enable. 2FA SMS continue field
  9. After you've saved your recovery codes and enabled 2FA, we recommend you sign out and back in to your account. In case of problems, such as a forgotten password or typo in your email address, you can use recovery codes to access your account and correct the problem.

Further reading