Two-factor authentication in GitHub is pretty simple to set up, though the exact steps are layed out in maybe 3 different articles. I’ve consolidated them all together to this one simple guide.
Enable 2 factor authentication on the GitHub website (Settings → Security → Two Factor Authentication).
Prepare your phone
Enable git credential caching
On your computer, enable caching your GitHub HTTPS credentials. This allows you to store your 2FA token and not get asked for it everytime.
git config --global credential.helper osxkeychain # OSX git config --global credential.helper cache # Linux
Generate an API key
Generate a GitHub API key under “Personal Access Tokens”. You’ll use this for the Git command line. Leave the scopes unchanged.
Use HTTPS on your repos
If your git repos still use SSH (
firstname.lastname@example.org:user/repo.git), change them to use HTTPS (
https://github.com/user/repo.git). (More info on remote URLs)
cd project vim .git/config
Push a repo. You’ll be asked for a password. Use the token for the password. You won’t have to do this again if enabled credential caching.
$ git push Username for 'https://github.com': rstacruz Password for 'https://email@example.com':
Save your recovery codes
Get your recovery codes (Settings → Security → Two Factor Authentication → Recovery Codes) and put them somewhere safe. This will allow you to log onto your account when, say, your phone isn’t charged. (More info on recovery codes)
If everything worked, your
git push should work. Further reading below:
- Two factor authentication articles (github.com)
- TOTP mobile apps (github.com)
- About two factor authentication (github.com)
- Providing your 2FA Authentication Code (github.com)
- Caching your GitHub password (github.com)
- Downloading your two factor recovery codes (github.com)
- HTTPS remote URLs (github.com)