Today I learned

GitHub two-factor authenication guide

Rico Sta. CruzMarch 27, 2015

See GitHub's Two factor authentication articles on help.github.com.

Two-factor authentication in GitHub is pretty simple to set up, though the exact steps are layed out in maybe 3 different articles. I've consolidated them all together to this one simple guide.

Setting up 2FA

Enable 2FA

Enable 2 factor authentication on the GitHub website (Settings → Security → Two Factor Authentication).

2 factor authentication settings (github.com)

Prepare your phone

Install Google Authenticator, or an equivalent of such. Works for iOS and Android. In Authenticator, tap Add, then Scan Barcode. Take a picture of the QR code on your computer. (More info on apps)

For HTTPS

If you're using SSH keys to access your Git repos, you can skip this section. If you're using https:// URL's in your Git repos, then read on!

Enable git credential caching

On your computer, enable caching your GitHub HTTPS credentials. This allows you to store your 2FA token and not get asked for it everytime.

# MacOS:
git config --global credential.helper osxkeychain

# Linux:
git config --global credential.helper cache

This only applies if you use HTTP authentication for your Git repositories. If you use SSH keys, this shouldn't be necessary.

Generate an API key

Generate a GitHub API key under "Personal Access Tokens". You'll use this for the Git command line. Leave the scopes unchanged.

Use HTTPS on your repos

If your git repos still use SSH ([email protected]:user/repo.git), change them to use HTTPS (https://github.com/user/repo.git). (More info on remote URLs)

cd project
vim .git/config

Try it out

Git push

Push a repo. You'll be asked for a password. Use the token for the password. You won't have to do this again if enabled credential caching.

$ git push

Username for 'https://github.com': rstacruz
Password for 'https://[email protected]':

Save your recovery codes

Get your recovery codes (Settings → Security → Two Factor Authentication → Recovery Codes) and put them somewhere safe. This will allow you to log onto your account when, say, your phone isn't charged. (More info on recovery codes)

That's it!

If everything worked, your git push should work just fine.

References

Two factor authentication articles (github.com)
TOTP mobile apps (github.com)
About two factor authentication (github.com)
Providing your 2FA Authentication Code (github.com)
Caching your GitHub password (github.com)
Downloading your two factor recovery codes (github.com)
HTTPS remote URLs (github.com)

You have just read GitHub two-factor authenication guide, written on March 27, 2015. This is Today I Learned, a collection of random tidbits I've learned through my day-to-day web development work. I'm Rico Sta. Cruz, @rstacruz on GitHub (and Twitter!).

← More articles