Sachin Patil

Sachin Patil

Free Software Developer | GNU Emacs Hacker

2 factor authentication and git
Published on Mar 29, 2018 by Sachin.

Google’s 2 Step Verification and GitHub’s 2 Factor Authentication are preferred & secured but they are quite confusing when using git. In this post lets see how to setup those and configure git using generated password/token to send patch using git-send-email & push commit to remote server using git-push.

Google’s 2 Step Verification

Using this link https://security.google.com/settings/security/apppasswords and setup App password. You need to login using your usual password first. After successful login, a section Password & sign-in method will show that your 2 Step Verification is Off. Click the arrow to turn on 2 Step Verification as shown below.

Enable 2 Step Verification

Figure 1: Enable 2 Step verification

Next, you need to provide your phone number to receive a verification code. You can get the code using Text message or a Phone call as show below. Enter phone number and click Next.

Enter Phone number

Figure 2: Enter Phone number

Enter verification code and click Next.

Enter verification code

Figure 3: Enter verification code

and click TURN ON

Turn On 2 Step verification

Figure 4: Turn On 2 Step verification

This is also a good time to have alternate backup option. I use Free OTP but Google Authenticator is also good choice.

Choose alternative application

Figure 5: Choose alternative application

Next page will make you select the app and the device.

Select app and device

Figure 6: Select app and device

For sake of this post I want to use the token to send Email using git-send-email, I will select the app as Mail.

Select app and device

Figure 7: Select app and device | App

The device is nothing but my GNU/Linux system, I prefer to select Other (Custom name).

Select app and device

Figure 8: Select app and device | Device

Name the app anything you want. As I plan to use the generated password for git-send-email, I prefer the same name. This also will help me to manage multiple apps in future. Click GENERATE to generate password.

Generate password for an application

Figure 9: Generate password for an application

A password is 16 characters. We need this password to send patches via git

Generate app password

Figure 10: Generate app password

Once the password is handy, create a file ~/git-credentials with following line. Replace <username> with Gmail login name and <16CharPassword> with generated password. (Note: This file is in plan text.)


Or store details in ~/.gitconfig

 1: [user]
 2:     name = <FirstName LastName>
 3:     email = <username>@gmail.com
 4: [sendemail]
 5:     smtpEncryption = tls
 6:     smtpServer = smtp.gmail.com
 7:     smtpUser = <username>@gmail.com
 8:     smtpPass = <16CharPassword>
 9:     smtpServerPort = 587
10:     suppresscc = all

Or you can use git credential helper store to store above details

Test the settings by sending a patch,

git send-email --to=user@somedomain.com -1

GitHub’s 2 Factor Authentication

Generate new token using this link https://github.com/settings/tokens and click Generate new token as shown below,

Generate GitHub token

Figure 11: Generate GitHub token

and store the token in ~/.git-credentials as below,

https://<GitHub username>:<GitHub Token>@github.com

Test the setting by pushing a commit.

Each credential is stored on its own line in file ~/.git-credentials file, something like,

1: smtp://<username>%40gmail.com:<16CharPassword>@smtp.gmail.com%3a587
2: https://<GitHub username>:<GitHub Token>@github.com


  1. git-send-email
  2. git-credential-store
  3. GitHub Gist