SCAZT: Implementing Multifactor Authentication with Cisco Duo on Your GitHub Account

About
The new SCAZT cloud certification is here! Multifactor authentication is part of that exam, and in this tutorial, we will dive into setting up MFA using Cisco Duo on your GitHub account.
Written by Jason Belk
Updated Dec 18, 2023

1. Overview

What You’ll Learn

  • Introduction to MFA and Duo
  • Adding Accounts to Duo
  • Testing Duo MFA on GitHub

What You’ll Need

  • GitHub account with multifactor authentication (MFA) not enabled yet
  • Mobile device with permissions to install Cisco Duo, or Duo already installed

2. Introduction to MFA and Duo

Most people are familiar with the concept of a password. A password is a secret word or phrase that is used to gain access to a protected resource. Passwords are a form of authentication, which is the process of verifying that a user is who they claim to be. However, passwords are not a perfect form of authentication. They can be guessed, stolen, or even cracked using brute-force attacks.

MFA is a method of authentication that requires a user to provide two or more pieces of evidence to verify their identity. The most common form of MFA is two-factor authentication (2FA), which requires a user to provide two pieces of evidence. The first factor is typically something the user knows and can share securely, such as a password. The second factor is typically something the user has in their possession, such as a smartphone.

Cisco Duo is an application that provides a secure and user-friendly way to implement MFA. Duo is used by thousands of organizations to protect their users and devices from cyber attacks, including enabling device trust and single sign-on. In this tutorial, we will focus on the MFA use case. Duo is free for personal use and can be downloaded from the Apple App Store or Google Play Store.

The high-level flow of Duo is as follows:

  • A user attempts to log in to a protected service.
  • The service prompts the user to provide their username and password.
  • The service prompts the user to provide a second factor of authentication (Duo).
  • The user opens the Duo Mobile app on their device and approves the login request.
  • The user is granted access to the service.

In this tutorial, we are going to walk through adding 2FA to your GitHub account. Certain GitHub users are required to enable 2FA as an additional security measure, or be restricted from account actions.

3. Installation and Setup of Duo

To get started, download and install the Duo Mobile app on your device from the Apple App Store or Google Play Store. Once installed, open the app and follow the setup process, which involves creating an account and verifying your phone number.

Adding Your GitHub Account to Duo

After you have created your account, you will be prompted to add an account to Duo. In this case, we will be adding our GitHub account. To do this, open the GitHub website in your browser and log in to your account. Navigate to your profile settings and select Password and authentication. Then, scroll down to Two-factor authentication.

The GitHub web page has some instructions on setting up an authenticator application. In our case, we are using Duo as our authenticator application. You will see a QR code in the middle of the screen, which you can scan with the Duo Mobile app on your device.

The top of the page looks like this (apart from the QR code, which is unique to your account):

GitHub 2FA Setup Header

The bottom of the page includes alternative means to set up the authenticator app, including an option to manually enter the key rather than using the convenience of the QR code.

GitHub 2FA Setup Footer

We will add the GitHub account to Duo in the next step.

4. Adding Accounts to Duo

To add our GitHub account to Duo, we will open the Duo Mobile app on our device and select Add account. We can search by the name of the service we are adding, which in this case is GitHub.

GitHub Duo Search

We will then select Use QR code and scan the QR code on the GitHub website, using the camera of our mobile device.

GitHub Duo Search

Using Duo for MFA

Now that Duo has scanned the QR code from the GitHub website, it will have a few explanatory pages to let us know how things work.

The first page we see lets us know that Duo will generate a passcode for our GitHub account. This passcode will be used as the second factor of authentication when logging in to GitHub.

Duo will also let us know that we need to give a nickname to our GitHub account so that we can easily identify the account in the Duo Mobile app.

GitHub Duo Naming

It suggests a nickname based on my username, but you can create your own.

GitHub Duo Org and Name

Using the Passcodes Generated by Duo

Duo provides an option to set a password if we need to recover this account. Duo does not save the password, so use another password manager to keep track of your password here.

GitHub Duo Password

After you enter your password, there will be a confirmation screen, and another instruction screen reminding you to use Duo’s generated MFA passcode to log in to the app.

GitHub Duo Password

Once you click Show passcode, you will be taken back to the Duo home screen, where you will see a six-digit passcode for your GitHub account. This passcode will change every 30 seconds. The passcode and other accounts on my screen are intentionally blurred out.

GitHub Duo Success

Recovery Codes

Type your codes into the GitHub page to proceed.

Before leaving the 2FA GitHub page, finish by saving your recovery codes in a secure location. These codes can be used to recover your account if you lose access to your device. Treat them with the same security as your password.

GitHub Duo Password

5. Testing Duo MFA on GitHub

Now that we have added our GitHub account to Duo, let’s test it out. Open the GitHub website in your browser and log in to your account. If you are already logged in, log out, or try it in a private browser. You will be prompted to enter your username and password as usual.

GitHub login

At this point, GitHub will prompt you to enter your second factor of authentication. Open the Duo Mobile app on your mobile device and find the passcode for your GitHub account. Enter this passcode into the GitHub website and click Verify.

GitHub mfa

After you have entered the passcode, you will be logged in to your GitHub account. Congratulations, you have successfully enabled 2FA on your GitHub account!

6. Congratulations

You’ve completed this tutorial, advancing in your CCNP journey. To continue building your networking skills, check out our additional tutorials, courses, and learning paths.
