GitHub two-factor authenication guide

Two-factor authentication in GitHub is pretty simple to set up, though the exact steps are layed out in maybe 3 different articles. I've consolidated them all together to this one simple guide.

Setting up 2FA

Enable 2FA

Enable 2 factor authentication on the GitHub website (Settings → Security → Two Factor Authentication).

2 factor authentication settings (github.com)

Prepare your phone

Install Google Authenticator, or an equivalent of such. Works for iOS and Android. In Authenticator, tap Add, then Scan Barcode. Take a picture of the QR code on your computer. (More info on apps)

Google Authenticator (en.wikipedia.org)

For HTTPS

If you're using SSH keys to access your Git repos, you can skip this section. If you're using https:// URL's in your Git repos, then read on!

Enable git credential caching

On your computer, enable caching your GitHub HTTPS credentials. This allows you to store your 2FA token and not get asked for it everytime.

# MacOS:
git config --global credential.helper osxkeychain
# Linux:
git config --global credential.helper cache

This only applies if you use HTTP authentication for your Git repositories. If you use SSH keys, this shouldn't be necessary.

Generate an API key

Generate a GitHub API key under "Personal Access Tokens". You'll use this for the Git command line. Leave the scopes unchanged.

Generate a GitHub API key (github.com)

Use HTTPS on your repos

If your git repos still use SSH ([email protected]:user/repo.git), change them to use HTTPS (https://github.com/user/repo.git). (More info on remote URLs)

cd project
vim .git/config

Try it out

Git push

Push a repo. You'll be asked for a password. Use the token for the password. You won't have to do this again if enabled credential caching.

$ git push
Username for 'https://github.com': rstacruz
Password for 'https://[email protected]':

Save your recovery codes

Get your recovery codes (Settings → Security → Two Factor Authentication → Recovery Codes) and put them somewhere safe. This will allow you to log onto your account when, say, your phone isn't charged. (More info on recovery codes)

That's it!

If everything worked, your git push should work just fine.

References