What You’ll Learn

What You’ll Need

Most people are familiar with the concept of a password. A password is a secret word or phrase that is used to gain access to a protected resource. Passwords are a form of authentication, which is the process of verifying that a user is who they claim to be. However, passwords are not a perfect form of authentication. They can be guessed, stolen, or even cracked using brute-force attacks.

MFA is a method of authentication that requires a user to provide two or more pieces of evidence to verify their identity. The most common form of MFA is two-factor authentication (2FA), which requires a user to provide two pieces of evidence. The first factor is typically something the user knows and can share securely, such as a password. The second factor is typically something the user has in their possession, such as a smartphone.

Cisco Duo is an application that provides a secure and user-friendly way to implement MFA. Duo is used by thousands of organizations to protect their users and devices from cyber attacks, including enabling device trust and single sign-on. In this tutorial, we will focus on the MFA uses case. Duo is free for personal use and can be downloaded from the Apple App Store or Google Play Store.

The high-level flow of Duo is as follows:

In this tutorial, we are going to walk through adding 2FA to your GitHub account. Certain GitHub users are required to enable 2FA as an additional security measure, or be restricted from account actions.

To get started, download and install the Duo Mobile app on your device from the Apple App Store or Google Play Store. Once installed, open the app and follow the setup process, which involves creating an account and verifying your phone number.

Adding Your GitHub Account to Duo

After you have created your account, you will be prompted to add an account to Duo. In this case, we will be adding our GitHub account. To do this, open the GitHub website in your browser and log in to your account. Navigate to your profile settings and select Password and authentication. Then, scroll down to Two-factor authentication.

The GitHub web page has some instructions on setting up an authenticator application. In our case, we are using Duo as our authenticator application. You will see a QR code in the middle of the screen, which you can scan with the Duo Mobile app on your device.

The top of the page looks like this (apart from the QR code, which is unique to your account):

GitHub 2FA Setup Header

The bottom of the page includes alternative means to set up the authenticator app, including an option to manually enter the key rather than using the convenience of the QR code.

GitHub 2FA Setup Footer

We will add the GitHub account to Duo in the next step.

To add our GitHub account to Duo, we will open the Duo Mobile app on our device and select Add account. We can search by the name of the service we are adding, which in this case is GitHub.

GitHub Duo Search

We will then select Use QR code and scan the QR code on the GitHub website, using the camera of our mobile device.

GitHub Duo Search

Using Duo for MFA

Now that Duo has scanned the QR code from the GitHub website, it will have a few explanatory pages to let us know how things work.

The first page we see lets us know that Duo will generate a passcode for our GitHub account. This passcode will be used as the second factor of authentication when logging in to GitHub.

Duo will also let us know that we need to give a nickname to our GitHub account so that we can easily identify the account in the Duo Mobile app.

GitHub Duo Naming

It suggests a nickname based on my username, but you can create your own.

GitHub Duo Org and Name

Using the Passcodes Generated by Duo

Duo provides an option to set a password if we need to recover this account. Duo does not save the password, so use another password manager to keep track of your password here.

GitHub Duo Password

After you enter your password, there will be a confirmation screen, and another instruction screen reminding you to use Duo’s generated MFA passcode to log in to the app.

GitHub Duo Password

Once you click Show passcode, you will be taken back the Duo home screen, where you will see a six-digit passcode for your GitHub account. This passcode will change every 30 seconds. The passcode and other accounts on my screen are intentionally blurred out.

GitHub Duo Success

Recovery Codes

Type in your codes into the GitHub page to proceed.

Before leaving the 2FA GitHub page, finish by saving your recovery codes in a secure location. These codes can be used to recover your account if you lose access to your device. Treat them with the same security as your password.

GitHub Duo Password

Now that we have added our GitHub account to Duo, let’s test it out. Open the GitHub website in your browser and log in to your account. If you are already logged in, log out, or try it in a private browser. You will be prompted to enter your username and password as usual.

GitHub login

At this point, GitHub will prompt you to enter your second factor of authentication. Open the Duo Mobile app on your mobile device and find the passcode for your GitHub account. Enter this passcode into the GitHub website and click Verify.

GitHub mfa

After you have entered the passcode, you will be logged in to your GitHub account. Congratulations, you have successfully enabled 2FA on your GitHub account!

You’ve completed this tutorial, advancing in your CCNP journey. To continue building your networking skills, check out our additional tutorials, courses, and learning paths.

Why Create a Free Cisco U. Account?

A Cisco U. account helps you:

Further Learning Resources

Training Resources

Need Help or Want to Engage?

Finishing Up

Don’t forget to click Exit Tutorial to log your completed content.