If you are receiving a "Two-factor authentication failed" error when authenticating with two-factor authentication (2FA), the authentication code you are entering is incorrect. You can try troubleshooting your configured authentication methods before attempting account recovery.
Troubleshooting authentication using a TOTP app
Use the right app
When authenticating with a TOTP app, GitHub does not send you anything; you need to provide GitHub with a valid code, based on the secret key that you saved to your TOTP app when 2FA was set up. Find the app or program that you originally used to setup 2FA and retrieve the authentication code from there.
Check your device’s date and time
TOTP codes are time‑based. If the clock on your phone or computer is out of sync with GitHub's server, the code will be invalid. Ensure that your device’s date, time and time zone are set automatically by your network provider. On most mobile devices, this means turning on the Set automatically option.
Wait for a new code and enter it promptly
Codes change every 30 seconds. Open your TOTP app, wait for the next code to appear and enter it immediately. Avoid typing spaces or extra characters as these will make the code invalid.
Verify you’re using the correct account entry
Most TOTP apps support multiple accounts for a single website. Make sure you’re reading the code from the correct entry in the app. Codes generated for a different account will not work.
Restore from a TOTP backup
Many TOTP apps support cloud backup or key export. If you lose or reset your device, you may be able restore your 2FA data from the app’s backup to a new device. Consult your app’s documentation for instructions.
Recovering your account if troubleshooting doesn't help
If you have tried troubleshooting and you are still having trouble, you can try authenticating with another method, such as a passkey, or a security key, if pre-configured on the account. For more information, see Mit Zwei-Faktor-Authentifizierung auf GitHub zugreifen.
If you don't have another authentication method, you will need to try account recovery. For more information about account recovery, see Dein Konto beim Verlust der 2FA-Anmeldeinformationen wiederherstellen.
Troubleshooting using recovery codes
If you are receiving a "Recovery code authentication failed" error when using a recovery code, the code you are entering is invalid. You can try troubleshooting your recovery codes.
Use one code at a time
A set of recovery codes contains more than one code. A single code is 10 alphanumeric characters with a hyphen in the middle: xxxxx-yyyyy.
Try using a different code
Each code is single-use only: once it has been used to authenticate, it cannot be used again. Try using a different code from the set.
Check you're using the right set of codes
When 2FA is disabled and re-enabled, a new set of codes are created which invalidates the previous set. Recovery codes are also invalidated whenever a new set of codes is generated. Even if you think you might not have another set of codes, you could try searching for them in your devices, backups, and password managers. They will have the default filename github-recovery-codes.txt.