Skip to content

Two-factor Authentication

Today we're adding two-factor authentication to GitHub.

When you enable this feature, it adds an additional layer of security to your account. When logging in to GitHub, after providing your username and password, you will be asked for a two-factor authentication code that is delivered to your mobile device via SMS or a free two-factor application. This additional step ensures that a malicious person who has discovered your password will not be able to log in to GitHub as you.

How do I enable it?

You can find a link in your account settings.

Settings link

You can find more information about setting up two-factor authentication on the documentation page.

Enabling this feature will affect more than just your GitHub.com login experience. Visit this help article to learn how two-factor authentication works with HTTPS Git, GitHub for Mac, GitHub for Windows, and the API.

How does it work on GitHub.com?

After entering your username and password, you will be prompted for a two-factor authentication code.

Prompt

This code can obtained from your mobile device through one of two methods:

After entering the code, you will be logged in.

How does it work for command-line Git?

If you are using SSH for Git authentication, rest easy: you don't need to do anything. If you are using HTTPS Git, instead of entering your password, enter a personal access token. These can be created by going to your personal access tokens page.

Personal Access Tokens

How does it work in GitHub for Mac and GitHub for Windows?

After entering your username and password, you will be prompted for a two-factor authentication code.

GitHub for Mac GitHub for Mac

GitHub for Windows GitHub for Windows

What if I lose my mobile device?

We provide a number of recovery options, including recovery codes and backup SMS numbers. See this help article for more information.

Recovery Codes

Enjoy the newer, more-secure GitHub!

Site Maintenance August 31st 2013

This Saturday, August 31st, 2013 at 5AM PDT we will be upgrading a large portion of our database infrastructure in order to provide a faster and more reliable GitHub experience.

We estimate that the upgrades should take no longer than 20 minutes. In order to minimize risk we will be putting the site into maintenance mode while the upgrade is performed. Thus, HTTP, API and Git access to GitHub.com will be unavailable for the duration of the upgrade.

We will update our status page and @githubstatus at the beginning of maintenance and again at the end.

IP Address Changes

As we continue to expand the infrastructure that powers GitHub, we want to make everyone aware of some changes to the IP addresses that we use. Most customers won't have to do anything as a result of these changes.

We mentioned these new addresses back in April and updated the Meta API to reflect them. Some GitHub services have have already been migrated to the new addresses, including:

  • api.github.com
  • gist.github.com
  • ssh.github.com

Our next step is to begin using these IP addresses for the main GitHub site, so we're reminding everyone about this change. There are a few gotchas that might affect some people:

  1. If you have explicit firewall rules in place that allow access to GitHub from your network, you'll want to make sure that all of the IP ranges listed in this article are included.
  2. If you have an entry in your /etc/hosts file that points github.com at a specific IP address, you should remove it and instead rely on DNS to give you the most accurate set of addresses.
  3. If you are accessing your repositories over the SSH protocol, you will receive a warning message each time your client connects to a new IP address for github.com. As long as the IP address from the warning is in the range of IP addresses in the previously mentioned Help page, you shouldn't be concerned. Specifically, the new addresses that are being added this time are in the range from 192.30.252.0 to 192.30.255.255. The warning message looks like this:
Warning: Permanently added the RSA host key for IP address '$IP' to the list of known hosts.

Thanks for your patience and continued support as we work to make GitHub faster and more reliable!

Better password security in GitHub for Windows

We're always looking at ways to improve security. Today's release of GitHub for Windows (version 1.0.54) improves password handling security through the use of OAuth tokens.

Prior to this release the application would encrypt and store your password. Since the application also registers itself as your Git credential provider, the app would provide your credentials in clear text to Git.exe whenever it asked for them.

With this release, when you log in with your username and password, the application registers itself on GitHub.com as an Authorized application and receives an OAuth token that it stores instead of your password. This is similar to how other applications that integrate with GitHub work such as Travis-CI.

Go to your account settings and click the Applications tab to see a list of authorized applications.

For a while now, GitHub has supported using Git over HTTPS with an OAuth token. Now, when Git requires your credentials, GitHub for Windows passes your OAuth token to Git.

One benefit of this approach is if someone steals your laptop, you can just go to the Applications tab and click the Revoke button to invalidate the current OAuth token. The thief can't retrieve your password from the contents of your hard-drive. The next time you log in, GitHub for Windows registers itself again and receives a newly generated OAuth token. Of course in this situation, it's still a good idea to change your password.

Enjoy more secure access to your GitHub account!

See your CSVs

Following on the tails of 3D models and geographic data, GitHub.com now also supports rendering tabular data in the form of .csv (comma-separated) and .tsv (tab-separated) files.

CSV Rendering on GitHub.com

When viewed, any .csv or .tsv file committed to a GitHub repository will automatically render as an interactive table, complete with headers and row numbering.

You can even link to a particular row simply by clicking the row number, or select multiple rows by holding down the shift key. Just copy the URL and send it to a friend.

Selecting rows

Want to see if a certain value is in your dataset? Just start typing and the data filters itself.

Searching for values

Building software is about more than code. Whether analyzing a government dataset, comparing performance benchmarks, or parsing crash reports, working with tabular data on GitHub just got a little bit easier.

For more information, check out our help article.

Happy Analyzing!

Identicons!

GitHub is about to get a lot more colorful. Starting today, we are generating Identicons for anyone without a Gravatar:

identicons

Our Identicons are simple 5x5 "pixel" sprites that are generated using a hash of the user's ID. The algorithm walks through the hash and turns pixels on or off depending on even or odd values. These generated patterns, combined with hash-determined color values, ensures a huge number of unique Identicons.

Using a Gravatar but want to see what your identicon would be? Use this URL and replace my GitHub login with yours:

https://identicons.github.com/jasonlong.png

:space_invader:

Explore what is Trending on GitHub

trending repositories-1

GitHub is a great place to find interesting projects. From the White House open data policy to Chicago bike routes, GitHub has become a place for collaboration on more than just code. Today we're making these interesting projects easier to find through the new trending page.

Time boxed by day, week, month

Eight times a day we calculate trending data into three time buckets: daily, weekly, and monthly. You can change the time periods by selecting one from the drop-down.

image

Filter by languages

You can also filter the trends by language. By default you will see trending items in any language.

You'll also see "unknown languages" as a filter. Our language library can't always determine the language for the repository, but that won't keep the repository from trending.

Next up, you will see languages that you find interesting based on your top starred repositories. If you haven't starred any repositories, you'll see trends based on the top languages on GitHub. Of course, we also provide a drop-down for all the rest of the languages.

Languages are always computed based on repositories. When on the repositories tab, you will see repositories with the primary language of the language filter you selected. When looking at the developers tab, you will see developers that have a trending repository in the selected language.

image

Trending Repositories

image

For each trending repository, you'll see the owner/repository name, primary language name, repository description, a star button, and a list of the top five contributors for the project.

Trending Developers

image

In all parts of these new pages, we showcase the smart people creating these great projects. On the developers tab, you'll find both developers and the organizations of developers that have trending repositories on GitHub.

Alongside each trending developer, we highlight their most popular repository.

Questions

What makes repositories or developers trend? We look at a variety of data points including stars, forks, commits, follows, and pageviews, weighting them appropriately. It's not just about total numbers, but also how recently the events happened.

Why isn't there more than one page? We want to surface just the top 25. Any more than that dilutes the effectiveness of trending and takes a lot to compute.

How can I see more? Try our search. You can do more interesting things than you think.

With 7.8 million projects, there's even more to explore on GitHub!

Checking out Pull Requests

For all of the pull request reviewers out there, we're excited to announce a new feature in GitHub for Mac and GitHub for Windows to make your lives easier!

On any pull request that you have permission to merge, you'll see this new button:

Check out this branch in GitHub for Mac

Clicking it will open GitHub for Mac or GitHub for Windows, clone the repository (if you don't have it), then automatically switch to the branch containing the changes.

Or, if the pull request was opened from a fork, we'll automatically create a local branch like pr/123:

Local pull request branch from a fork

Although changes can't be pushed back to the fork, this is still a handy way to test out a pull request locally.

Happy reviewing!

Cutting the GitHub Pages Gem

Building and testing GitHub Pages sites on your computer just got a whole lot easier with the release of the GitHub Pages Gem.

Running Jekyll (the engine that powers GitHub Pages) locally can be a big help when you'd like to preview a site on your computer before pushing changes, or if you are trying to diagnose a troubled build.

Starting today, you can bootstrap an environment that mirrors the GitHub Pages servers as closely as possible by simply running the command gem install github-pages from your project's directory.

Or if you've got Bundler installed, simply add gem 'github-pages' to a file named Gemfile in the project's root directory, then run the bundle install command.

Better yet, we're using the Gem here at GitHub, so as our servers update, you can more easily update your local environment, ensuring what you see on your computer matches what others see once the site is published. Just run gem update github-pages or bundle update github-pages and everything will be :sparkles:.

You can begin adding the Gem to your sites immediately, or for more information see the Using Jekyll with Pages help article.

Happy versioning! :gem: :gem: :gem:

Keep Your Email Private

Good news for folks who want to get their web-based GitHub Flow on while remaining cloaked in secrecy: Today we're :ship:ing the ability to make your email address private!

Until today, all web-based GitHub Flow used your primary email address. This included creating, editing, and deleting files, as well as merging pull requests.

But now you can keep your email address private. To do so, visit your email settings page:

email settings

With this turned on, web-based operations will use a username@users.noreply.github.com email address.

Think of this as git config user.email for the website. You should still use git config for configuring your email address for commits done via the command line, though. For more information, see the help document.

Big :thumbsup: to all the folks who suggested this feature, and happy [REDACTED] GitHubbing!

Gist meets GeoJSON

Back in June we shipped support for viewing geographic data to GitHub.com repositories in GeoJSON & TopoJSON formats, which was awesome for open data sets and collaborative projects. We didn't want to finish there, though. We wanted to make it easier to share data with others.

Now it's easier! To share a map, just drag a GeoJSON or TopoJSON file over to a new gist and hit create.

:tada:

Gist will build your map for you and anyone you share it with for easy collaboration.

You can also use a service like geojson.io to compose a map and quickly save it as a GeoJSON Gist.

Of course this still works if you embed the Gist anywhere else on the modern internet.

If you want to know more about sharing geographic data in Gists, be sure to check out our help article.

Code Search API

Humans have enjoyed our :sparkles: new code search for a while, and today we're ready to share that joy with the machines. :mag:

With the new code search API, we've taken the full power of GitHub's search and made it available in the API. You can search by file extension and language, filter by number of forks or stars, and use all the other search qualifiers you've come to know and love.

Highlights

In addition to finding specific files that match your search, you often want to find the exact location of your search terms inside that file. On github.com, we present code snippets for each file, and we highlight the matching text.

code-snippet-highlighting

We want API consumers to have access to that information as well. The API provides the same snippets, along with metadata identifying the exact location of each matching search term.

Improved Search API for Repositories, Issues, and Users

Search isn't just about code. We're also launching a more powerful search API for repositories, issues, and users. With its more extensive set of query operators, and snippets showing the specific text that matched your search, you can quickly zero in on the items you're looking for.

For full details, check out the announcement on the Developer Blog.

Happy searching finding!

GitHub's on your phone

Today we’re excited to ship mobile web views on GitHub.

untitled-1

Repositories, Issues, Pull Requests, blobs, history views, and Pulse are now much easier to use from a phone.

GitHub is a great tool for building and shipping software, but most of that building still requires a laptop or desktop computer. Our phones, on the other hand, aren’t great for creating things but they’re perfect for browsing and reading content. That’s what we focused on with the mobile site.

Mobile web

We find ourselves using GitHub from our phones more every day. Instead of opening a native app, we are clicking through from other apps like Twitter, Facebook, or our email client. These are perfect situations to build a site optimized for mobile devices.

bueller

With the mobile site we’ve tried to make it easy to explore new repositories and keep up with repositories that we’re active in every day.

Less fancy, more fast

A responsive interface is one of the most important parts of creating a great user experience. Like we did with Repository Next, we’ve put a huge emphasis on speed with our mobile site. By using very little JavaScript and writing CSS and markup specifically for mobile, we were able to reduce page sizes dramatically and make the site feel very fast.

skitched-20130714-173311

To check it out, visit github.com on your phone and tap around.

Choosing an Open Source License

It’s easy to get caught up in code. Sharing your code isn’t everything, though: it’s also important to tell people how they can use that code.

Choosing an open source license can be confusing. We’ve created ChooseALicense.com to help you make that decision.

choosealicense

You can see a breakdown of what’s required, what’s permitted, and what’s forbidden for each license:

breakdown

When you’ve made your choice, copy it to your clipboard with one click:

copy

Have any suggestions? ChooseALicense.com itself is open source. Send us a Pull Request with your changes.

Licenses on GitHub.com

Now that we have all these licenses in one happy home, we want to help people choose their licenses on GitHub, too. When you create a new repository you’ll see a new license picker:

choose-a-license

To get started, simply point your browser at choosealicense.com, or for more information, you can dive into the full documentation. Happy licensing!

OAuth Improvements

We have a couple of great new features and improvements to the OAuth flow to announce! First off, application developers can now add full text descriptions and custom images to their applications to help communicate to potential users.

screen shot 2013-06-06 at 2 42 30 pm

Next, we have entirely new views for allowing/denying access to your GitHub account. These views better communicate the identity of the 3rd party application and what kind of access they are requesting.

screen shot 2013-07-11 at 2 28 57 pm

Want to develop an application that uses OAuth and leverages the GitHub API? We have a great set of documentation to help get you started.

OAuth away!

Something went wrong with that request. Please try again.