You can set up your GitHub account to require an authentication code in addition to your password when you sign in.
Two-factor authentication, or 2FA, is a way of logging in to websites that requires more than just a password. Relying on a password alone is susceptible to security threats, because it represents a single piece of information a malicious person needs to acquire. 2FA adds security by requiring additional information to sign in.
A Time-based One-Time Password (TOTP) application automatically generates an authentication code that changes after a certain period of time.
If you're unable to authenticate using a TOTP mobile app, you can authenticate using SMS messages. You can also provide a second number for a fallback device. If you lose access to both your primary device and your recovery codes, a backup SMS number can get you back into your account.
With 2FA enabled, you'll be asked to provide your 2FA authentication code, as well as your password, when you access GitHub.
On your Android phone, you can use a FIDO U2F compatible security key and Google Authenticator to securely sign into your GitHub account with Near Field Communication (NFC).
You can always switch between receiving authentication codes through a text message or a mobile application.
If you've lost access to your account after enabling two-factor authentication, GitHub can't help you gain access again. Keeping your recovery codes in a secure place, or establishing a secondary mobile phone number for recovery, will get you back into your account.
Because of delivery success rates, GitHub only supports two-factor authentication via SMS for certain countries.
If you disable two-factor authentication for your personal account, you may lose access to organizations you belong to.