Two Factor Authentication for GitHub

In the interest of security I’ve started to turn on Two Factor Authentication (aka 2FA) for some of the services I use. I tried it out with GitHub about a year ago, but turned it off shortly thereafter because I encountered a bunch of problems and didn’t have the time to figure them all out. That and Google’s Authenticator app having data loss issues after an update was a big red flag too.

Today it’s a little easier to manage. 1Password has 2FA support built in now, and there’s also Duo Mobile’s app. Turning it on was pretty easy: Go to the security page, click a few buttons, and follow instructions. Once it was enabled I decided to push some changes for a project, and then this happened:

1
2
3
> git push origin master
remote: Invalid username or password.
fatal: Authentication failed for 'https://github.com/swilliams/my-repo.git/'

Umm, ok. I mean, I guess the most secure repository is one that nobody can access.

The solution isn’t immediately obvious. I looked at GitHub’s setup docs again, but they didn’t mention anything about 2FA. When in doubt, try it again right? This time I got a username/password prompt. I had assumed I would get some sort of additional prompt to enter a single use code for the 2FA, so I pasted in my GitHub password.

1
2
3
4
5
> git push origin master
Username for 'https://github.com': swilliams
Password for 'https://swilliams@github.com':
remote: Invalid username or password.
fatal: Authentication failed for 'https://github.com/swilliams/my-repo.git/'

No dice.

Googling around a bit finally brought me to this page, “Creating an access token for command-line use”. When you enable 2FA you need to use a token as your password for the Terminal. I created this with the default scopes provided1, then copy/pasted the resulting token into the password prompt in my Terminal window.

1
2
3
4
5
6
7
8
9
10
± git push origin master
Username for 'https://github.com': swilliams
Password for 'https://swilliams@github.com':
Counting objects: 80, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (78/78), done.
Writing objects: 100% (80/80), 9.02 KiB | 0 bytes/s, done.
Total 80 (delta 58), reused 0 (delta 0)
To https://github.com/swilliams/my-repo.git
   01efb2c..445a0b6  master -> master

Yay!

I think that should handle all the headaches for 2FA with GitHub. I like the warm security feeling it brings, and it seems like the user experience has been cleared up too.

  1. For standard git operations, I don’t think you would need any of the other scopes available for apps, and you could probably remove

    gist
    from it too.

Copyright © 2017 - Scott Williams - Powered by Octopress