Official path
Settings → Password and authentication → Two-factor authentication → Enable two-factor authentication → Recovery codes
Before you start
- Sign in on a trusted device before you start.
- Install a TOTP app or prepare a security key.
- Keep an offline place ready for the recovery codes.
Setup steps
- 01
Open account security settings
From your avatar menu, open Settings, then Password and authentication. In the Two-factor authentication section, choose Enable two-factor authentication.
- 02
Link the authenticator
Use Scan the QR code, or switch to setup key for manual entry. GitHub's manual TOTP values are Type: TOTP, Algorithm: SHA1, Digits: 6, and Period: 30.
- 03
Verify the first code
Enter the 6-digit code from the app in Verify the code from the app and confirm the setup.
- 04
Save recovery codes
Download the recovery codes before you leave the page, then confirm I have saved my recovery codes.
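How the manual values from step 02 (SHA1, 6 digits, 30-second period) turn a setup key into the code entered in step 03, shown as an added example that is not GitHub's code. It assumes the setup key is base32-encoded, as authenticator apps conventionally expect; the secret is the published RFC 6238 test secret, and the function names are illustrative.

```python
import base64
import hashlib
import hmac
import struct

# Manual-entry values listed on this page: TOTP, SHA1, 6 digits, 30 s period.
ALGORITHM = hashlib.sha1
DIGITS = 6
PERIOD = 30

# Constructed sample: base32 of the RFC 6238 test secret "12345678901234567890".
SAMPLE_SETUP_KEY = "gezd gnbv gy3t qojq gezd gnbv gy3t qojq"


def decode_setup_key(setup_key: str) -> bytes:
    """Decode a base32 setup key (assumed encoding), tolerating spaces and case."""
    cleaned = setup_key.replace(" ", "").replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # restore padding stripped for display
    return base64.b32decode(cleaned)


def totp(secret: bytes, unix_time: float) -> str:
    """RFC 6238: HOTP (RFC 4226) keyed on the number of elapsed periods."""
    counter = int(unix_time) // PERIOD
    mac = hmac.new(secret, struct.pack(">Q", counter), ALGORITHM).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret: bytes, candidate: str, unix_time: float, drift_steps: int = 1) -> bool:
    """Accept codes from adjacent periods to tolerate clock drift.

    The drift window is an assumption for illustration, not a documented
    GitHub setting. Comparison is constant-time.
    """
    ok = False
    for step in range(-drift_steps, drift_steps + 1):
        expected = totp(secret, unix_time + step * PERIOD)
        ok |= hmac.compare_digest(expected, candidate)
    return ok


if __name__ == "__main__":
    secret = decode_setup_key(SAMPLE_SETUP_KEY)
    for t in (59, 1111111109, 1111111111):
        print(t, totp(secret, t))
```

A device clock that is off by more than the accepted window produces a code from the wrong period, which is the usual reason a freshly scanned authenticator fails at the verification step.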
Recovery and backup
Return to recovery codes
Open Recovery codes and use View to show the current set before you need it.
Export or refresh them
Use Download, Print, or Copy. Generating new recovery codes invalidates the old set.
Use the official login flow
At sign-in, choose More options, then 2FA recovery code, enter one unused code, and verify.
Common problems
28-day check up period
GitHub may prompt a check-up period after setup. Keep the recovery codes until the account settles.
Managed users
Managed accounts can be restricted by an identity provider administrator.
No recovery path
If you lose both the authenticator and the recovery codes, GitHub Support cannot restore 2FA access.