2FA Guide

Hack for LA requires two-factor authentication (2FA) in GitHub for all project contributors.


In This Guide

To Enable 2FA:

Visit and follow Github's Guide to Setting Up 2FA

If you already have a 2FA application on your mobile phone, you can use that. If you do not already have a 2FA application you will be instructed to download your mobile app of choice (we have had good luck with Authy) and follow the detailed instructions to complete configuration in GitHub.


GitHub's guide on configuring two factor authentication using time-based one-time password. Authy is highlighted because Hack for LA contributors prefer the Authy mobile application

Frequently Asked Questions

What is 2FA?

Two-factor authentication, or 2FA, is an extra layer of security used when logging into websites or apps. With 2FA, you have to log in with your username and password, and then provide another form of authentication that only you know or have access to.

Read more information about 2FA at GitHub

Why set up 2FA now?

  • We are in the process of establishing best practices on Hack for LA projects and in the HfLA organization’s GitHub account.
  • There have been recent news items about hackers attempting to hold open source repositories for ransom. Although these attempts have mostly been unsuccessful, it is still a good reminder that we should use security best practices.

Encountering challenges using Git CLI after setting up 2FA? (Developers)

You might encounter a challenge using the Git CLI after enabling 2-Factor Authentication if you have not used the ssh link for the repo URL.


If you clone via the ssh URL for a repo, e.g.

[email protected]:hackforla/governance.git

instead of the https URL, e.g.

https://github.com/hackforla/governance.git

then you probably won't run into any issues after enabling 2FA, as you already use an SSH key.


Read more about connecting to GitHub with SSH.

Also, these steps might help you get the CLI auth working again:

  1. Try pushing code from the CLI, if you get rejected unexpectedly it’s 2FA (if you enabled it)

  2. Clear your cached GH credentials

  3. Create a token at GH.com, which you’ll use as your CLI password


If you are still having issues using 2FA with your CLI, please reach out to the #ops channel on the Hack for LA Slack.

<!-- Refactor Javascript, moved script to 2FA.js, issue #2068