2FAA.app

How to Enable 2FA on GitHub

GitHub mandated 2FA for all users who contribute to popular repositories starting in 2024. Even if you're not required, 2FA protects your private repos, SSH keys, and personal access tokens.

Quick path: Settings → Password and authentication → Two-factor authentication

Step-by-step: 2FA setup on GitHub

  1. 1

    Open Account settings

    Sign in at github.com → click your avatar at the top right → 'Settings'.

  2. 2

    Go to Password and authentication

    In the left sidebar, click 'Password and authentication'. Scroll to 'Two-factor authentication' and click 'Enable two-factor authentication'.

  3. 3

    Choose 'Set up using an app'

    GitHub recommends an authenticator app over SMS. Click 'Set up using an app'.

  4. 4

    Scan QR with 2FAA

    GitHub shows a QR code. Open 2FAA, scan the code, and a 6-digit GitHub code appears.

  5. 5

    Enter the code and download recovery codes

    Enter the active code from 2FAA into GitHub. GitHub then shows 16 recovery codes — download them as a .txt file and store securely. You'll need them if you lose your authenticator.

  6. 6

    Optional: add a security key

    GitHub strongly recommends a hardware security key (YubiKey, Titan) as a second factor on top of TOTP. You can add it under 'Security keys'.

Generate GitHub 2FA codes with 2FAA

You don't need a separate authenticator app. 2FAA is a free, browser-based TOTP generator — your secret never leaves your device, and it works offline as a PWA. The same secret can be used in parallel with Google Authenticator or Authy if you prefer redundancy.

Open 2FAA AuthenticatorImport from Google Authenticator

Frequently asked questions

Does GitHub require 2FA?

Yes for many users — GitHub now requires 2FA for any account that publishes code, releases packages, or interacts with GitHub.com via Git or the API. The requirement is enforced in stages.

Can I use 2FAA for Git CLI authentication?

Yes indirectly. Use a personal access token (or SSH key) for Git operations. 2FA is only checked when generating the token or signing in via the web — once the token exists, Git uses it without prompting for 2FA.

Will 2FA break my GitHub Actions or CI/CD?

No. CI uses tokens or SSH keys, not interactive password+2FA login. Make sure your tokens are valid — once set, automation is unaffected by 2FA.

Can I use 2FAA's MCP server with GitHub for AI agents?

Yes — see the 2FAA MCP Server docs. The generate_totp tool lets Claude Code, Cursor, or any MCP-compatible AI agent pull a fresh GitHub 2FA code on demand.

Other 2FA setup guides

Discord 2FAEpic Games / Fortnite 2FARoblox 2FASpotify 2FAPayPal 2FATwitch 2FA