English

Explore by product

GitHub
English
Article version: GitHub.com
Article version: GitHub.com

Recovering your account if you lose your 2FA credentials

If you lose access to your two-factor authentication credentials, you can use your recovery codes, or another recovery option, to regain access to your account.

In this article

Warning: For security reasons, GitHub Support may not be able to restore access to accounts with two-factor authentication enabled if you lose your two-factor authentication credentials or lose access to your account recovery methods.

Using a two-factor authentication recovery code

Use one of your recovery codes to automatically regain entry into your account. You may have saved your recovery codes to a password manager or your computer's downloads folder. The default filename for recovery codes is github-recovery-codes.txt. For more information about recovery codes, see "Configuring two-factor authentication recovery methods."

  1. Type your username and password to prompt authentication.
  2. Under "Having Problems?", click Enter a two-factor recovery code. Link to use a recovery code
  3. Type one of your recovery codes, then click Verify. Field to type a recovery code and Verify button

Authenticating with a fallback number

If you lose access to your primary TOTP app or phone number, you can provide a two-factor authentication code sent to your fallback number to automatically regain access to your account.

Authenticating with a security key

If you configured two-factor authentication using a security key, you can use your security key as a secondary authentication method to automatically regain access to your account. For more information, see "Configuring two-factor authentication."

Authenticating with a verified device, SSH token, or personal access token

If you know your GitHub password but don't have the two-factor authentication credentials or your two-factor authentication recovery codes, you can have a one-time password sent to your verified email address to begin the verification process and regain access to your account.

Note: For security reasons, regaining access to your account by authenticating with a one-time password can take 3-5 business days. Additional requests submitted during this time will not be reviewed.

You can use your two-factor authentication credentials or two-factor authentication recovery codes to regain access to your account anytime during the 3-5 day waiting period.

  1. Type your username and password to prompt authentication. If you do not know your GitHub password, you will not be able to generate a one-time password.
  2. Under "Having Problems?", click Can't access your two factor device or valid recovery codes? Link if you don't have your 2fa device or recovery codes
  3. Click I understand, get started to request a reset of your authentication settings. Reset authentication settings button
  4. Click Send one-time password to send a one-time password to all email addresses associated with your account. Send one-time password button
  5. Under "One-time password", type the temporary password from the recovery email GitHub sent. One-time password field
  6. Click Verify email address.
  7. Choose an alternative verification factor.
    • If you've used your current device to log into this account before and would like to use the device for verification, click Verify with this device.
    • If you've previously set up an SSH key on this account and would like to use the SSH key for verification, click SSH key.
    • If you've previously set up a personal access token and would like to use the personal access token for verification, click Personal access token. Alternative verification buttons
  8. A member of GitHub Support will review your request and email you within 3-5 business days. If your request is approved, you'll receive a link to complete your account recovery process. If your request is denied, the email will include a way to contact support with any additional questions.

Authenticating with an account recovery token

If you lose access to the two-factor authentication methods for your GitHub account, you can retrieve your account recovery token from a partner recovery provider and ask GitHub Support to review it.

If you don't have access to your two-factor authentication methods or recovery codes and you've stored an account recovery token with Facebook using Recover Accounts Elsewhere, you may be able to use your token to regain access to your account.

If you're unable to regain access to your account, generate a one-time password to regain access. For more information, see "Authenticating with a verified device, SSH token, or personal access token."

Warnings:

  1. On Facebook, navigate to your Security Settings, then click Recover Accounts Elsewhere. Facebook security settings page with Recover Accounts Elsewhere link
  2. Click the recovery token associated with your GitHub account. List of recovery tokens stored on Facebook
  3. To redeem your account recovery token, click Recover This Account. A new window will open, returning you to GitHub. Modal box with information about your recovery token and Recover This Account button
  4. Contact GitHub Support to let them know that your account recovery token is ready for review.

Further reading

Did this doc help you?Privacy policy

Help us make these docs great!

All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request.

Make a contribution

Or, learn how to contribute.