Hello everyone. Two-factor authentication (2-FA) in GitHub is a pretty simple procedure if you are using a GUI, but it can prove difficult if you work with repositories from a command-line interface. In this blog post, I will explain how to properly set up two-factor authentication to work with GitHub.
PS. I will be juggling between 2FA, 2-FA and 2 Factor Authentication throughout the post; rest assured that they all mean the same thing.
ENABLE 2-FA IN GITHUB
- Sign-in to GitHub
- Click on your profile picture at the top right corner of the navigation bar, and select Settings
- Select the Security tab from the left selection panel, and then click Set up two-factor authentication.
- Select Set up using an app. You will then see some recovery codes on your screen. If you uninstall the authenticator app from your phone, you will need the recovery codes to access your account again. Make sure you save them in a safe place.
- You will now configure 2 Factor Authentication from your phone.
DOWNLOAD AN AUTHENTICATOR APP
There are a lot of options available for a 2FA app. The notable ones are Google Authenticator, Microsoft Authenticator, LastPass Authenticator, Authy and Yubico Authenticator. If you want to back up your 2FA codes and use them across devices, I would personally suggest Authy. If not, Google Authenticator is a really good bet on Android as it is easy to use. In this tutorial I use Authy.
- Download and install Authy from the Google Play Store
- Log in with your Authy account to restore your 2FA codes from the backup in the cloud. If you don’t have an account, the app will prompt you to create one.
- Click Add new account from the three-dots menu, then select Scan QR Code. Take a picture of the QR code.
- The app will now save your GitHub account. Then enter the security code from your app into the browser and click Enable.
You have now successfully configured your GitHub account with 2FA. Next, you need to configure your local machine’s Git CLI or GUI to work with it. If you are using a GUI like GitKraken to manage your repositories, just sign in to your GitHub account, and that’s it. Follow the next steps to configure your GitHub account with 2FA for the terminal.
ENABLE GIT CREDENTIAL CACHING
Now that you have configured your GitHub account with 2FA, you will need to enter your access token (more on this later) instead of your password every time. The problem is that there is no way to remember an access token once you create one. So, after you create an access token, you will need to store it on your local machine, which is why we will use Git credential caching.
Since we are on a Linux terminal, we can use either of the following commands:
git config --global credential.helper store
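An added example, not part of the original post: the `store` helper writes the token unencrypted to `~/.git-credentials`, so this script checks that file's permissions, counts the GitHub entries in it, and restricts it to its owner. The function names, the user `alice` and the token value are constructed for illustration; `use_memory_cache` switches to Git's in-memory `cache` helper as an alternative that keeps the token off disk.

```shell
#!/usr/bin/env bash
# Added example: audit the file that `credential.helper store` writes.
# Git's store helper keeps one URL per line, for example
# https://USER:TOKEN@github.com, with no encryption.

# cred_file_state FILE -> prints: missing | exposed | ok
cred_file_state() {
    [ -f "$1" ] || { echo missing; return 0; }
    # Characters 5-10 of the ls mode string are the group/other bits.
    if [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]; then
        echo ok
    else
        echo exposed
    fi
}

# github_entries FILE -> number of stored github.com credentials
github_entries() {
    [ -f "$1" ] || { echo 0; return 0; }
    grep -c '@github\.com' "$1" || true
}

# lock_down FILE -> restrict the file to its owner, print the new state
lock_down() {
    chmod 600 "$1" && cred_file_state "$1"
}

# use_memory_cache SECONDS -> replace `store` with Git's in-memory cache
# helper; the token is kept off disk and re-entered after the timeout.
use_memory_cache() {
    git config --global credential.helper "cache --timeout=${1:-3600}"
}

# Demo on a constructed file (fake user and token, not real credentials).
demo() {
    tmp=$(mktemp) || return 1
    printf 'https://alice:EXAMPLE_TOKEN@github.com\n' > "$tmp"
    chmod 644 "$tmp"
    echo "entries: $(github_entries "$tmp")"
    echo "before:  $(cred_file_state "$tmp")"
    echo "after:   $(lock_down "$tmp")"
    rm -f "$tmp"
}
demo
```

To audit a real setup, call `cred_file_state ~/.git-credentials` in place of `demo`.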
CREATE PERSONAL ACCESS TOKEN
Personal access tokens function like ordinary OAuth access tokens. In other words, you can use one instead of your regular password when making changes to your repo. This is very useful, as regular passwords don’t work with 2FA.
Generate a GitHub API key under “Personal Access Tokens” on the Settings page. You’ll use this for the Git command line. Leave the scopes unchanged.
PUSH THE REPO
After creating the personal access token, you need to give it to the terminal the first time you use it. Push a repo; Git will ask for your username and password. Enter the personal access token in place of the password. Once you do that, you are done configuring 2FA for the Git repos on your system.