Enabling GitHub Two-Factor Authentication

· 2 min read

Recently, I needed to enable two-factor authentication to publish Actions to the GitHub Market, so I set it up. But I found there were still some pitfalls, so I’m recording them here.

Enabling GitHub Two-Factor Authentication

  1. Click on settings-Account security in the top right corner
  1. Follow the prompts to enable it. During the process, it will remind you to download recovery codes, download and save them.

  2. The QR code that pops up needs to be scanned with an MFA-supporting app. For authentication apps, there are many choices. I personally prefer using 1Password

    • Let me explain: the QR code itself is a link, but not necessarily an HTTP link. The reason it’s not directly shown as a copyable link is probably because it’s insecure and user-unfriendly
    • After the app scans it, it stores this link as a login item. Each time you click the app, it actually requests a new, time-valid verification code based on this link

Fill in the verification code to successfully enable two-factor authentication

1P Scanning QR Code

The way to find QR code scanning in 1P is quite hidden, as shown in the image

After scanning the QR code provided by GitHub, 1P can store this item. In future operations, 1P will prompt as follows, just copy and input

Notes

  • 1P recommends using the web version download rather than the App Store version, as permissions differ

GitHub Push

After enabling two-factor authentication, I suddenly found that code commits weren’t working. The solution is: Settings-Developer settings-Personal access tokens, generate a new token as password, input it, and the computer will cache this value, so you can continue normal push operations.

Final Thoughts

Only after enabling this verification did I notice that 1P actually supports this. I have to say it’s really great.