You can set up your GitHub account to require an authentication code in addition to your password when you sign in.
Two-factor authentication, or 2FA, is an extra layer of security used when logging into websites or apps. With 2FA, you have to log in with your username and password and provide another form of authentication that only you know or have access to.
You can configure two-factor authentication using a mobile app or via text message. You can also add a security key using FIDO U2F.
You can set up a variety of recovery methods to access your account if you lose your two-factor authentication credentials.
With 2FA enabled, you'll be asked to provide your 2FA authentication code, as well as your password, when you sign in or authenticate to GitHub.
If you lose access to your two-factor authentication credentials, you can use your recovery codes, or another recovery option if you've set one up, to regain access to your account.
You can switch between receiving authentication codes through a text message or a mobile application.
Because of delivery success rates, GitHub only supports two-factor authentication via SMS for certain countries.
If you disable two-factor authentication for your personal account, you may lose access to organizations you belong to.