You can set up your GitHub account to require an authentication code in addition to your password when you sign in.

About two-factor authentication

Two-factor authentication, or 2FA, is an extra layer of security used when logging into websites or apps. With 2FA, you have to log in with your username and password and provide another form of authentication that only you know or have access to.

Configuring two-factor authentication

You can configure two-factor authentication using a mobile app or via text message. You can also add a security key using FIDO U2F.

Configuring two-factor authentication recovery methods

You can set up a variety of recovery methods to access your account if you lose your two-factor authentication credentials.

Accessing GitHub using two-factor authentication

With 2FA enabled, you'll be asked to provide your 2FA authentication code, as well as your password, when you sign in or authenticate to GitHub.

Recovering your account if you lose your 2FA credentials

If you lose access to your two-factor authentication credentials, you can use your recovery codes, or another recovery option if you've set one up, to regain access to your account.

Changing two-factor authentication delivery methods for your mobile device

You can switch between receiving authentication codes through a text message or a mobile application.

Countries where SMS authentication is supported

Because of delivery success rates, GitHub only supports two-factor authentication via SMS for certain countries.

Disabling two-factor authentication for your personal account

If you disable two-factor authentication for your personal account, you may lose access to organizations you belong to.