Github Desktop 2fa

Article version: GitHub.com

And then store the resulting key to /etc/2fatokenkeys and /.ssh/authorizedkeys in Chef. Krypt.co setup for iOS and Android Instead of generating OTPs and sending them over manually with our fingers, our mobile devices can securely store our SSH keys and only remotely authorize usage (and send the signed challenge to the remote server) if a. On GitHub, on the 2FA page, type the code and click Enable. After you've saved your recovery codes and enabled 2FA, we recommend you sign out and back in to your account. In case of problems, such as a forgotten password or typo in your email address, you can use recovery codes to access your account and correct the problem. On GitHub Enterprise Server, on the 2FA page, type the code and click Enable. After you've saved your recovery codes and enabled 2FA, we recommend you sign out and back in to your account. In case of problems, such as a forgotten password or typo in your email address, you can use recovery codes to access your account and correct the problem. For details, see Token-based 2FA for Desktop and Mobile. You should always access Hub from the same URL that you used to register the device. The authentication protocol uses built-in domain tracking to prevent phishing attacks. Accessing GitHub using two-factor authentication With 2FA enabled, you'll be asked to provide your 2FA authentication code, as well as your password, when you sign in to GitHub. Recovering your account if you lose your 2FA credentials.

Article version: GitHub.com

Organization owners can require organization members, outside collaborators, and billing managers to enable two-factor authentication for their personal accounts, making it harder for malicious actors to access an organization's repositories and settings.

In this article

About two-factor authentication for organizations

Two-factor authentication (2FA) is an extra layer of security used when logging into websites or apps. You can require all members, outside collaborators, and billing managers in your organization to enable two-factor authentication on GitHub. For more information about two-factor authentication, see 'Securing your account with two-factor authentication (2FA).'

You can also require two-factor authentication for organizations in an enterprise. For more information, see 'Enforcing security settings in your enterprise account.'

Warnings:

  • When you require use of two-factor authentication for your organization, members, outside collaborators, and billing managers (including bot accounts) who do not use 2FA will be removed from the organization and lose access to its repositories. They will also lose access to their forks of the organization's private repositories. You can reinstate their access privileges and settings if they enable two-factor authentication for their personal account within three months of their removal from your organization.
  • If an organization owner, member, billing manager, or outside collaborator disables 2FA for their personal account after you've enabled required two-factor authentication, they will automatically be removed from the organization.
  • If you're the sole owner of an organization that requires two-factor authentication, you won't be able to disable 2FA for your personal account without disabling required two-factor authentication for the organization.

Prerequisites

Before you can require organization members, outside collaborators, and billing managers to use two-factor authentication, you must enable two-factor authentication for your account on GitHub. For more information, see 'Securing your account with two-factor authentication (2FA).'

Before you require use of two-factor authentication, we recommend notifying organization members, outside collaborators, and billing managers and asking them to set up 2FA for their accounts. You can see if members and outside collaborators already use 2FA. For more information, see 'Viewing whether users in your organization have 2FA enabled.'

Requiring two-factor authentication in your organization

  1. In the top right corner of GitHub, click your profile photo, then click Your organizations.

  2. Click Settings next to the organization.

  3. In the left sidebar, click Organization security.

  4. Under 'Authentication', select Require two-factor authentication for everyone in your organization, then click Save.

  5. If prompted, read the information about members and outside collaborators who will be removed from the organization. Type your organization's name to confirm the change, then click Remove members & require two-factor authentication.

  6. If any members or outside collaborators are removed from the organization, we recommend sending them an invitation that can reinstate their former privileges and access to your organization. They must enable two-factor authentication before they can accept your invitation.

Viewing people who were removed from your organization

To view people who were automatically removed from your organization for non-compliance when you required two-factor authentication, you can search your organization's audit log for people removed from your organization. The audit log event will show if a person was removed for 2FA non-compliance.

  1. In the top right corner of GitHub, click your profile photo, then click Your profile.

  2. In the top right corner of GitHub, click your profile photo, then click Your organizations.

  3. In the Settings sidebar, click Audit log.

  4. Enter your search query. To search for:

    • Organization members removed, use action:org.remove_member in your search query
    • Outside collaborators removed, use action:org.remove_outside_collaborator in your search query
    • Billing managers removed, use action:org.remove_billing_managerin your search query

    You can also view people who were removed from your organization by using a time frame in your search.

Helping removed members and outside collaborators rejoin your organization

Github Desktop Gitlab 2fa

If any members or outside collaborators are removed from the organization when you enable required use of two-factor authentication, they'll receive an email notifying them that they've been removed. They should then enable 2FA for their personal account, and contact an organization owner to request access to your organization.

Further reading

  • 'Viewing whether users in your organization have 2FA enabled'
  • 'Securing your account with two-factor authentication (2FA)'
  • 'Reinstating a former member of your organization'
  • 'Reinstating a former outside collaborator's access to your organization'

Setting up Terminal to access GitHub when there is 2FA setup on is more convoluted than I expected, so here’s a reference.

The first time you try to clone a repository from GitHub to your laptop (after being granted access by your team mates), Terminal will prompt you for your username and password.

You should use these inputs:

  • username: your GitHub email address (not your username)
  • password: a special token generated from GitHub developer settings

Generating the special token

Because of enforced 2-factor-authentication (2FA) by your organisation, you will need to use a special token to access GitHub from Terminal instead of your normal password. This setup should only need to happen once.

Github Desktop 2fa
  1. Login to github.com
  2. Go to https://github.com/settings/tokens
  3. Click on Generate new token
  4. You will be asked for the scope of access this token will grant -> select all, since it’s for you and you want full control
  5. Click Generate token -> Copy this. There is no need to store this anywhere, you can always regenerate a new token and invalidate the current one if needed

This token is what you need to enter as your password in Terminal, instead of the normal password you use to login on github.com.

Github Desktop 2fa

Troubleshooting

Github Desktop 2faGithub

Github Desktop 2 Accounts

1. GitHub account does not have access to the repository

If you see this error, it most likely means your GitHub account has not been granted access to the repo you’re trying to clone.

There’s a quick way to figure out if you have access or not:

  • Ensure you are logged in to your GitHub account before proceeding
  • If you have access, then you should be able to view the repository on GitHub.
  • If you don’t, then loading the GitHub repository URL will only lead to a 404 resource not found page.

Github Desktop Failed To Fetch

If you can see the repository on GitHub but you cannot, for example, run git clone <https://github.com/my-repository>, then it means that it’s most likely a matter of using the wrong password. Refer to number 2 below.

And if you see a 404 when loading the repository

2. GitHub account has access but not through Terminal

If you see this error, it means that you have entered the wrong credentials.

This second scenario is if you have checked scenario 1.

Github Desktop Features

If running a basic access action like git clone still doesn’t work, then you’re most likely using the wrong password.

As long as your repository or the organisation that owns the repository has enforced 2FA for all collaborators, you will need to generate a token that should be used as the password you input to Terminal. To be explicit: You need to supply a token, not your normal GitHub password, to Terminal when it asks you for your GitHub password if you have 2FA enforced by the repository owner.

See the start of this post for instructions on how to generate this token! :)

Github

You might also be interested to read: