Thursday 3 October 2013

Enabling GitHub Two Factor Authentication

Inspired by Google’s Two Factor Authentication workflow, last month GitHub did the same thing.

I just enabled it, and I strongly recommend that you do it to.

As per the instructions in GitHub’s Two-factor Authentication post, the first step is to go to https://github.com/settings/admin and click on the Set up two-factor authentication’ button:

image

… which requires the current password to be entered:

image

In this case I’m going to use SMS:

image

Next we enter the phone number and click on Send code:

image

… enter the number received by SMS and click Enable

image

And that’s it, two-factor authentication is now enabled:

image

Creating Tokens to access repos (instead of pwds)

Also great from a security point of view, is that it is also possible to create ‘login tokens’ for Https logins.

This is done one the Applications Settings page:

image

… where new tokens can be created:

image

… which can now be used instead of passwords (with the great advantage of being revocable and assignable for a particular use (lets say a particular deployment or app))

image

I really like this functionality, and hope to eventually add something similar to TeamMentor