Two Factor Authentication for GitHub
In the interest of security I’ve started to turn on Two Factor Authentication (aka 2FA) for some of the services I use. I tried it out with GitHub about a year ago, but turned it off shortly thereafter because I encountered a bunch of problems and didn’t have the time to figure them all out. That and Google’s Authenticator app having data loss issues after an update was a big red flag too.
Today it’s a little easier to manage. 1Password has 2FA support built in now, and there’s also Duo Mobile’s app. Turning it on was pretty easy: Go to the security page, click a few buttons, and follow instructions. Once it was enabled I decided to push some changes for a project, and then this happened:
Umm, ok. I mean, I guess the most secure repository is one that nobody can access.
The solution isn’t immediately obvious. I looked at GitHub’s setup docs again, but they didn’t mention anything about 2FA. When in doubt, try it again, right? This time I got a username/password prompt. I had assumed I would get some sort of additional prompt to enter a single-use code for the 2FA, so I pasted in my GitHub password.
Googling around a bit finally brought me to this page, “Creating an access token for command-line use”. When you enable 2FA you need to use a token as your password for the Terminal. I created this with the default scopes provided[1], then copy/pasted the resulting token into the password prompt in my Terminal window.
I think that should handle all the headaches for 2FA with GitHub. I like the warm security feeling it brings, and it seems like the user experience has been cleared up too.
[1] For standard git operations, I don’t think you would need any of the other scopes available for apps, and you could probably remove gist from it too.
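As an added example (not part of the original post), here is one way to check which scopes a token actually carries and which of them go beyond what git over HTTPS needs. It reads the `X-OAuth-Scopes` response header that the GitHub API returns for classic tokens. The `NEEDED_FOR_GIT` set and the sample header values in the test are assumptions made for illustration.

```python
"""Audit a GitHub personal access token's scopes against what git needs."""
import urllib.request

# Assumption for this example: plain git push/pull over HTTPS only needs the
# classic "repo" scope, so anything else granted to the token is excess.
NEEDED_FOR_GIT = frozenset({"repo"})


def parse_scopes(header_value):
    """Split an X-OAuth-Scopes value such as 'repo, gist' into a set."""
    if not header_value:
        return set()
    return {s.strip() for s in header_value.split(",") if s.strip()}


def excess_scopes(header_value, needed=NEEDED_FOR_GIT):
    """Scopes the token has but git does not need, sorted."""
    return sorted(parse_scopes(header_value) - set(needed))


def missing_scopes(header_value, needed=NEEDED_FOR_GIT):
    """Scopes git needs that the token lacks, sorted."""
    return sorted(set(needed) - parse_scopes(header_value))


def fetch_scope_header(token):
    """Ask the GitHub API which scopes this token carries (needs network)."""
    req = urllib.request.Request(
        "https://api.github.com/user",
        headers={"Authorization": f"token {token}",
                 "User-Agent": "scope-audit-example"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.headers.get("X-OAuth-Scopes", "")


if __name__ == "__main__":
    import getpass
    # getpass keeps the token out of shell history and off the screen.
    header = fetch_scope_header(getpass.getpass("Token: "))
    print("granted:", sorted(parse_scopes(header)))
    print("excess :", excess_scopes(header))
    print("missing:", missing_scopes(header))
```

If the excess list is not empty, the token can be edited on the same GitHub settings page where it was created to drop those scopes.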