Setting two factor authentication with github HTTPS

Noräs Salman Noräs Salman |

Tags: #2FA #git #github

Two factor authentication is a great way to add an extra layer of security to your web services. However a problem arise when using 2FA with already existing terminal based apps and services that with an their own protocol, in our case GIT.

The company I’m working for enforced two factor authentication on its private github group.
After this I was not able to clone pull or push anything over HTTPS using my normal username/email password credentials.

mycomputer:MyRepo nindoda$ git pull
Username for 'https://github.com': noras-salman
Password for 'https://noras-salman@github.com':  ****PASSWORD***
remote: Invalid username or password.
fatal: Authentication failed for 'https://github.com/MyGroup/MyRepo.git/'

The solution

In order to solve the problem I had to create a github web access token. A web access token provides a way to authenticate when calling github’s web API it also provides a way to to run the git commands over HTTPS, since it’s web based.

In order to create a web access token you have to:

  • start by clicking on your profile image on the top right corner then choose “Settings”.
  • Then click on “Developer settings”.
  • Finally select “Personal access tokens”.
  • Generate your new token and choose the permissions you need.

Copy and store your token in a very secret place. The token is equivalent to your new password so treat it the same way.

Using your token to authenticate

Retry, or try to pull, clone or push to your repository but this time use your token this time when the git prompt you to enter your password.

mycomputer:MyRepo nindoda$ git pull
Username for 'https://github.com': noras-salman
Password for 'https://noras-salman@github.com': ****TOKEN***
From https://github.com/MyGroup/MyRepo
 * [new branch]      3.0.7         -> origin/3.0.7
 * [new branch]      3.0.8         -> origin/3.0.8
 * [new branch]      3.0.9         -> origin/3.0.9
 * [new branch]      4.1.3         -> origin/4.1.3
 * [new branch]      4.1.4         -> origin/4.1.4
 * [new branch]      4.1.5         -> origin/4.1.5

About the author

Noräs Salman

"Senior Software Engineer. MSc in Computer systems and Networks with big interest in security. Loves to play with Android code and does security research for fun and profit. Speaks 4 languages and codes in much more."

Related articles

Tags: #2FA #git #github

Copyright © 2019 - nindoda.com