If you are having trouble authenticating with 2FA, you can try troubleshooting your configured authentication methods.
If you are receiving a "Two-factor authentication failed" error when authenticating with two-factor authentication (2FA), the authentication code you are entering is incorrect. You can try troubleshooting your configured authentication methods before attempting account recovery.
When authenticating with a TOTP app, GitHub does not send you anything; you need to provide GitHub with a valid code, based on the secret key that you saved to your TOTP app when 2FA was set up. Find the app or program that you originally used to set up 2FA and retrieve the authentication code from there.
TOTP codes are time‑based. If the clock on your phone or computer is out of sync with GitHub's server, the code will be invalid. Ensure that your device’s date, time and time zone are set automatically by your network provider. On most mobile devices, this means turning on the Set automatically option.
Codes change every 30 seconds. Open your TOTP app, wait for the next code to appear and enter it immediately. Avoid typing spaces or extra characters as these will make the code invalid.
Most TOTP apps support multiple accounts for a single website. Make sure you’re reading the code from the correct entry in the app. Codes generated for a different account will not work.
Many TOTP apps support cloud backup or key export. If you lose or reset your device, you may be able to restore your 2FA data from the app’s backup to a new device. Consult your app’s documentation for instructions.
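Why a drifted clock or a stray space produces a rejected code, as an added example that is not GitHub's code: it implements standard RFC 6238 TOTP using the RFC's published test key. The six-digit length, SHA-1, the acceptance window in `verify`, and the `diagnose_skew` helper are assumptions, since this page does not describe how GitHub validates codes.

```python
import hashlib
import hmac
import struct

# Constructed sample secret: the ASCII test key from RFC 6238 Appendix B,
# not a real account secret.
SECRET = b"12345678901234567890"
STEP = 30    # seconds per code, as the page states
DIGITS = 6   # assumed code length


def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238 TOTP (HMAC-SHA-1) for the 30-second step containing unix_time."""
    counter = unix_time // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret: bytes, entered: str, server_time: int, window: int = 1) -> bool:
    """Hypothetical server check: accept codes within +/- window steps of server_time."""
    return any(
        hmac.compare_digest(entered, totp(secret, server_time + i * STEP))
        for i in range(-window, window + 1)
    )


def diagnose_skew(secret: bytes, entered: str, server_time: int, max_steps: int = 20):
    """Return the nearest step offset at which `entered` would be valid, else None."""
    for i in sorted(range(-max_steps, max_steps + 1), key=abs):
        if hmac.compare_digest(entered, totp(secret, server_time + i * STEP)):
            return i
    return None


if __name__ == "__main__":
    server_now = 1111111109                    # constructed server clock
    in_sync = totp(SECRET, server_now)         # device clock matches the server
    drifted = totp(SECRET, server_now + 300)   # device clock 5 minutes fast
    print(in_sync, verify(SECRET, in_sync, server_now))
    print(drifted, verify(SECRET, drifted, server_now),
          diagnose_skew(SECRET, drifted, server_now))
    print(verify(SECRET, in_sync[:3] + " " + in_sync[3:], server_now))  # space in code
```

A non-zero result from `diagnose_skew` means the code was valid for a different 30-second step, which points at the device clock rather than at the saved secret.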
Make sure your device and cellular plan are capable of receiving Short Message Service (SMS) messages. Some "data-only" phone plans and tablet devices connected to a cellular network may not support receiving text messages. Check with your provider and device manufacturer.
Carrier rates may apply for received SMS messages. Ensure your cellular plan covers potential charges.
Disable "Do Not Disturb" mode or spam‑filtering apps that might block receipt of authentication codes.
Receiving text messages generally requires a strong network signal. Ensure you have adequate coverage before requesting an authentication code.
Turning your phone off and on will re-register the device with the network, which may resolve some deliverability issues. Enabling and then disabling "Airplane Mode" may also be sufficient, but power cycling your phone is more reliable.
Check with your cellular provider or carrier to see if there are any local outages or delivery issues in your area. They may also be able to investigate delivery issues for your connection. Provide them with the SMS number configured on your GitHub account and the time that you requested an authentication code from GitHub.
Note
GitHub, along with our SMS delivery partners, proactively monitors our SMS deliverability success rates. Periods of low deliverability that would indicate a widespread issue are promptly investigated. You can check active and historical incidents affecting SMS delivery in your region on GitHub's status page.
If you have tried troubleshooting and you are still having trouble, you can try authenticating with another method, such as a passkey, GitHub Mobile, or a security key, if pre-configured on the account. For more information, see Accessing GitHub using two-factor authentication.
Warning
For security reasons, GitHub Support cannot assist with troubleshooting your 2FA methods, including SMS delivery.
If you don't have another authentication method, you will need to try account recovery. For more information about account recovery, see Recovering your account if you lose your 2FA credentials.
If you are receiving a "Recovery code authentication failed" error when using a recovery code, the code you are entering is invalid. You can try troubleshooting your recovery codes.
A set of recovery codes contains more than one code. A single code is 10 alphanumeric characters with a hyphen in the middle: xxxxx-yyyyy.
Each code is single-use only: once it has been used to authenticate, it cannot be used again. Try using a different code from the set.
When 2FA is disabled and re-enabled, a new set of codes is created, which invalidates the previous set. Recovery codes are also invalidated whenever a new set of codes is generated. Even if you think you might not have another set of codes, you could try searching for them in your devices, backups, and password managers. They will have the default filename github-recovery-codes.txt.