2FA without dedicated mobile phone/device?

Is there any consideration to have 2FA without dedicated mobile phone (e.g. via e-mail)? I mean you have 2 dedicated separate secured channels and do not necessarily need a second (physical) device. Yes, I know this way is more secured…

Or is there any way to use 2FA on Github without needing a dedicated second device? I am forced to use 2FA by the organization I am supporting (which is absolutly fine for me), but I am actually not willing to provide my mobile number nor installing an app bounding authentication to a specific external physical device (what might break, get lost, been forgotten at home) nor having 3 devices (computer to code, dedicated mobile device authenticated and enabled to use physical key generator via nfc).

Hi @retro64,

Thanks for being part of the GitHub Community Forum. I’ll answer your question as best I can.

At this time, the only options for primary 2FA are via SMS or TOTP app. This is for a number of reasons, including security for your account. I recommend reading our article here on security for your GitHub account for more information.

I understand your desire to not share your mobile number and also your concerns about linking authentication to a specific device. That said, we also offer several fallback methods for 2FA, should you ever lose your device. You could set up 2FA with a TOTP app and then set a number of different fallback options, including a FIDO U2F security key. This helps provide a backup option for accessing your account should you ever lose or damage your primary device with the TOTP app installed.

I hope this helps! Cheers!

1 Like

Hi @nadiajoyce,

thank you for your answer (even if it was not the answer I hoped for…). I still hope there will be a multi channel, one device solution for 2FA in the near future…


I’m hate this nonsese crap of MFA. Company still get hack from inside out anyway! I also not rich enough to own a smart phone, or paid for SMS crap.

1 Like

Please give us the users freedome to by pass this crap without smart phone and SMS.


To be honest MFA using phones or any second device in general is a very bad idea.  Besides the fact that some of us are too poor to own say a smartphone (myself included) it just increases the attack vector and doesn’t solve really anything, and encourages data loss especially among people who wouldn’t even bother to use a strong password in the first place.  There’s no excuse for this.  It’s a very bad idea.  And immoral to force it on people.  As of current I can’t twitch stream, can hardly use steam, can’t really use any service which depends on it.  The only reason I have an email is because thank god there’s some email services that don’t require a **bleep** phone number.  I could see it being optional.  But making it mandatory is just very against personal rights.


Posted in wrong “reply” location. Will go recreate in appropriate location.

Hey. Is it safe to use your phone? What if I bought a phone on this 4Prototypes service? Find Necessary Hi-Tech Product Easy on this site. I bought this phone for myself and now I can’t figure out if I can save all my data on this device? Do I need to install some other program so that all the data remains on my phone, and others cannot take possession of it? Thank you all in advance for your answers.

I haven’t tested it with Github 2FA, but KeePassXC is a desktop password manager that can also do TOTP. Carefully consider whether keeping the TOTP tool on (presumably) the same computer that you use to log in fits your security needs.