As of 2023 GitHub requires all users who contribute code on GitHub.com to enable two-factor authentication (2FA). This post describes how I set up the mobile Microsoft Authenticator app as GitHub’s 2nd factor authentication.

Background

After a several-year hiatus from GitHub, when I recently tried to login with SMS as my 2nd factor authentication, the login failed – probably because of my poor cellular signal at home. I wound up using one of my one-time passcodes to get in.

Once logged into GitHub, I learned that I can use Microsoft Authenticator on my phone – a TOTP (time-based one-time password) app – as my 2nd factor in GitHub’s two-factor authentication.

What follows are my notes on how I set up that two-factor authentication on GitHub.

Step by Step

1. On your phone, download and install the Microsoft Authenticator, created by Microsoft Corporation. DO NOT download fakes from the Microsoft Store.
2. On your PC, login to GitHub, using whatever method works for you for now – you’ll change your two-factor authentication in a moment.
3. On the GitHub page…
4. Click your Profile icon, in the upper-right of the page.
5. Click Settings.
6. On the left of the resulting screen, under Access, click Password and Authentication.
7. Under Two-factor Authentication, make sure the button on the right says “Enabled“. If it doesn’t, click the Enable button.
8. It won’t let you select Authenticator App yet. We’ll set that up next.
9. On your PC, browse to GitHub’s doc on Configuring two-factor authentication (I’m a little unsure what I did next, but what follows are what those instructions say to do)
10. A Setup Authenticator App section should appear on that page.
11. Using your phone’s camera, scan the QR code that appears in that section.
12. Your phone should start Microsoft Authenticator and display a code
13. Back on the PC, enter that code.

in the future when you login to GitHub, you should be able to use Microsoft Authenticator on your phone as your second factor authentication:

1. When you want to log in to GitHub, enter your email and password (your first-factor authentication) on GitHub.
2. A screen will appear that prompts you to enter a code.
3. On your phone, open Microsoft Authenticator and select GitHub.
4. Your phone will display a code; enter that code into the GitHub prompt page. Note: the code will change every few seconds, so if it doesn’t work the first time, enter the next code that comes up on your phone.

Resources

• Configuring two-factor authentication on GitHub.
• Microsoft Authenticator app for Android on Google Play, by Microsoft Corporation.

Comments? Corrections? Converse with me on BlueSky, or through one of the other contact buttons shown to the top-left of this page.

Featured Image: Padlock; 17th century Spanish; Object Number: 87.11.47; Courtesy of the New York Metropolitain Museum of Art