Two-factor authentication in GitHub is pretty simple to set up, though the exact steps are laid out in maybe 3 different articles. I’ve consolidated them all together into this one simple guide.
Enable 2FA
Enable 2 factor authentication on the GitHub website (Settings → Security → Two Factor Authentication).
Prepare your phone
Install Google Authenticator. Works for iOS and Android. In Authenticator, tap Add, then Scan Barcode. Take a picture of the QR code on your computer. (More info on apps)
Enable git credential caching
On your computer, enable caching your GitHub HTTPS credentials. This allows you to store your 2FA token and not get asked for it every time.
git config --global credential.helper osxkeychain # OSX: stores credentials in the system keychain
git config --global credential.helper cache # Linux: keeps credentials in memory for a limited time (15 minutes by default)
Generate an API key
Generate a GitHub API key under “Personal Access Tokens”. You’ll use this for the Git command line. Leave the scopes unchanged.
Use HTTPS on your repos
If your git repos still use SSH (git@github.com:user/repo.git), change them to use HTTPS (https://github.com/user/repo.git). (More info on remote URLs)
cd project
vim .git/config
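Editing .git/config by hand works for one repo. As an added example (not part of the original guide), the shell functions below make the same SSH-to-HTTPS change with git remote set-url; the names ssh_to_https and convert_remotes are made up for this example.

```shell
# Added example, not from the original guide: rewrite GitHub SSH remotes to HTTPS.

# Convert one remote URL. Handles the scp-like form (git@github.com:user/repo.git)
# and the ssh:// form (ssh://git@github.com/user/repo.git). Anything else is
# returned unchanged, so already-HTTPS and non-GitHub remotes are left alone.
ssh_to_https() {
  case "$1" in
    git@github.com:*)       printf 'https://github.com/%s\n' "${1#git@github.com:}" ;;
    ssh://git@github.com/*) printf 'https://github.com/%s\n' "${1#ssh://git@github.com/}" ;;
    *)                      printf '%s\n' "$1" ;;
  esac
}

# Rewrite every remote of the repository at $1 (default: current directory).
# Prints one line per changed remote; fails if $1 is not a git repository.
# The body runs in a subshell so its variables do not leak into the caller.
convert_remotes() (
  repo="${1:-.}"
  git -C "$repo" rev-parse --git-dir >/dev/null 2>&1 || exit 1
  for name in $(git -C "$repo" remote); do
    old=$(git -C "$repo" remote get-url "$name")
    new=$(ssh_to_https "$old")
    if [ "$new" != "$old" ]; then
      git -C "$repo" remote set-url "$name" "$new"
      printf '%s: %s -> %s\n' "$name" "$old" "$new"
    fi
  done
)

# Usage (from a shell where the functions are defined):
#   convert_remotes ~/src/project
```

Run git remote -v afterwards to confirm each remote now shows an https://github.com/ URL.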
Git push
Push a repo. You’ll be asked for a password. Use the token for the password. You won’t have to do this again if you enabled credential caching.
$ git push
Username for 'https://github.com': esonpaguia
Password for 'https://esonpaguia@github.com':
Save your recovery codes
Get your recovery codes (Settings → Security → Two Factor Authentication → Recovery Codes) and put them somewhere safe. This will allow you to log onto your account when, say, your phone isn’t charged. (More info on recovery codes)
That’s it!
If everything worked, your git push should work. Further reading below:
- Two factor authentication articles (github.com)
- TOTP mobile apps (github.com)
- About two factor authentication (github.com)
- Providing your 2FA Authentication Code (github.com)
- Caching your GitHub password (github.com)
- Downloading your two factor recovery codes (github.com)
- HTTPS remote URLs (github.com)