GitHub Users – Enable Multi-Factor Authentication (MFA)

This check ensures that Multi-Factor Authentication (MFA) is enabled for GitHub users. Enabling MFA strengthens access control and protects accounts from unauthorized access caused by compromised credentials.

Check Details

  • Resource: GitHub User
  • Check: Ensure MFA is enabled
  • Risk: Unauthorized account access leading to code tampering or data exposure

Remediation via GitHub UI

  1. Log in to your GitHub account.
  2. Click on your profile picture in the top-right corner and select Settings.
  3. In the left navigation panel, click Password and authentication.
  4. Under the Two-factor authentication section, click Enable two-factor authentication.
  5. Choose your preferred authentication method:
    • Authenticator app (recommended)
    • SMS authentication (not recommended for high-security environments)
  6. Complete the setup process and securely store your recovery codes.
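
To verify this check across an organization instead of one account at a time, the added example below (not part of the original article) lists members who have no 2FA enabled, using GitHub's REST endpoint GET /orgs/{org}/members with filter=2fa_disabled, which returns results only for organization owners. The organization name example-org, the sample pages and the helper names are constructed for illustration.

```python
import json
import re
import urllib.request

API = "https://api.github.com"

def http_fetch(url, token):
    """Live fetch: returns (parsed JSON list, Link header or '')."""
    req = urllib.request.Request(url, headers={
        "Authorization": f"Bearer {token}",  # token of an organization owner
        "Accept": "application/vnd.github+json",
    })
    with urllib.request.urlopen(req) as resp:
        return json.load(resp), resp.headers.get("Link", "")

def next_link(link_header):
    """Return the rel="next" URL from a Link header, or None on the last page."""
    m = re.search(r'<([^>]+)>;\s*rel="next"', link_header or "")
    return m.group(1) if m else None

def members_without_mfa(org, fetch):
    """Follow pagination and return sorted logins of members lacking 2FA."""
    url = f"{API}/orgs/{org}/members?filter=2fa_disabled&per_page=100"
    logins = []
    while url:
        page, link = fetch(url)
        logins.extend(member["login"] for member in page)
        url = next_link(link)
    return sorted(set(logins))

# Constructed sample responses (two pages) so the example runs offline.
PAGE1 = f"{API}/orgs/example-org/members?filter=2fa_disabled&per_page=100"
PAGE2 = f"{API}/organizations/1/members?filter=2fa_disabled&per_page=100&page=2"
SAMPLE_PAGES = {
    PAGE1: ([{"login": "carol-sec"}, {"login": "alice-dev"}],
            f'<{PAGE2}>; rel="next", <{PAGE2}>; rel="last"'),
    PAGE2: ([{"login": "bob-ops"}],
            f'<{PAGE1}>; rel="prev", <{PAGE1}>; rel="first"'),
}

def sample_fetch(url):
    return SAMPLE_PAGES[url]

if __name__ == "__main__":
    # Live use: members_without_mfa("my-org", lambda u: http_fetch(u, token))
    missing = members_without_mfa("example-org", sample_fetch)
    print("FAIL" if missing else "PASS", missing)
```

An empty result means every member of the organization passes the check.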

Updated on 27 March, 2026