Expand change 2FA article with additional content (#49185)

Co-authored-by: Sophie <[email protected]>
Co-authored-by: github-actions <[email protected]>

content/authentication/securing-your-account-with-two-factor-authentication-2fa/changing-your-two-factor-authentication-method.md

@@ -0,0 +1,104 @@
+---
+title: Changing your two-factor authentication method
+intro: You can change two-factor authentication (2FA) method without disabling 2FA entirely.
+redirect_from:
+  - /articles/changing-two-factor-authentication-delivery-methods
+  - /articles/changing-two-factor-authentication-delivery-methods-for-your-mobile-device
+  - /github/authenticating-to-github/changing-two-factor-authentication-delivery-methods-for-your-mobile-device
+  - /github/authenticating-to-github/securing-your-account-with-two-factor-authentication-2fa/changing-two-factor-authentication-delivery-methods-for-your-mobile-device
+  - /authentication/securing-your-account-with-two-factor-authentication-2fa/changing-two-factor-authentication-delivery-methods-for-your-mobile-device
+  - /authentication/securing-your-account-with-two-factor-authentication-2fa/changing-your-preferred-two-factor-authentication-method
+versions:
+  feature: 2fa-reconfiguration-inline-update
+topics:
+  - 2FA
+shortTitle: Change 2FA method
+---
+
+You can reconfigure your two-factor authentication (2FA) settings or add new 2FA methods without disabling 2FA entirely, allowing you to keep both your recovery codes and your membership in organizations that require 2FA.
+
+## Changing an existing two-factor authentication method
+
+{% ifversion fpt or ghec %}
+You can configure a different authenticator app or change your phone number, without disabling 2FA or creating a new set of recovery codes.
+
+### Changing the TOTP app
+
+{% endif %}
+
+You can change the time-based one-time password (TOTP) application you use to generate authentication codes
+
+{% data reusables.user-settings.access_settings %}
+{% data reusables.user-settings.security %}
+{% data reusables.two_fa.edit-existing-method %}
+{% data reusables.two_fa.enable-totp-app-method %}
+{% data reusables.two_fa.save-2fa-method-when-editing%}
+
+{% warning %}
+
+**Warning:** Changes to an existing 2FA method will only take effect after you have provided a valid code from the new method and clicked **Save**. Only replace the existing 2FA method on your device (e.g. the {% data variables.product.prodname_dotcom %} entry in your TOTP app) after your new method is saved to your {% data variables.product.prodname_dotcom %} account completely.
+
+{% endwarning %}
+
+{% data reusables.two_fa.manual-totp-app-setup %}
+
+{% ifversion fpt or ghec %}
+
+### Changing the SMS number
+
+You can change the phone number you use to receive authentication codes via SMS.
+
+{% data reusables.user-settings.access_settings %}
+{% data reusables.user-settings.security %}
+{% data reusables.two_fa.edit-existing-method %}
+{% data reusables.two_fa.enable-sms-number-method %}
+{% data reusables.two_fa.save-2fa-method-when-editing%}
+
+{% endif %}
+
+## Adding additional two-factor authentication methods
+
+We recommend adding more than one 2FA method to your account. This ensures that you can still sign in to your account, even if you lose one of your methods.
+
+In addition to adding multiple 2FA methods, we strongly recommend setting up multiple recovery methods to avoid losing access to your account. For more information, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication-recovery-methods)."
+
+{% ifversion fpt or ghec %}
+
+### Adding a TOTP app
+
+You can add a time-based one-time password (TOTP) application to generate authentication codes.
+{% endif %}
+
+{% data reusables.user-settings.access_settings %}
+{% data reusables.user-settings.security %}
+{% data reusables.two_fa.add-additional-method %}
+{% data reusables.two_fa.enable-totp-app-method %}
+{% data reusables.two_fa.save-2fa-method-when-editing%}
+{% data reusables.two_fa.manual-totp-app-setup %}
+
+{% ifversion fpt or ghec %}
+
+### Adding an SMS number
+
+{% data reusables.two_fa.sms-warning %}
+
+{% data reusables.user-settings.access_settings %}
+{% data reusables.user-settings.security %}
+{% data reusables.two_fa.add-additional-method %}
+{% data reusables.two_fa.enable-sms-number-method %}
+{% data reusables.two_fa.save-2fa-method-when-editing%}
+
+{% endif %}
+
+## Setting a preferred two-factor authentication method
+
+If you have multiple 2FA methods, you can choose a preferred method that will be shown first when you are asked to authenticate with 2FA.
+
+{% data reusables.user-settings.access_settings %}
+{% data reusables.user-settings.security %}
+1. Under "Two-factor authentication" in "Preferred 2FA method", select your preferred 2FA method from the dropdown.
+
+## Further reading
+
+- "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication)"
+- "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication-recovery-methods)"

content/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication.md

@@ -66,56 +66,26 @@ A time-based one-time password (TOTP) application automatically generates an aut
 {% data reusables.user-settings.access_settings %}
 {% data reusables.user-settings.security %}
 {% data reusables.two_fa.enable-two-factor-authentication %}
-{%- ifversion fpt or ghec or ghes > 3.8 %}
-1. Under "Setup authenticator app", do one of the following:
-    - Scan the QR code with your mobile device's app. After scanning, the app displays a six-digit code that you can enter on {% data variables.product.product_name %}.
-    - If you can't scan the QR code, click **setup key** to see a code, the TOTP secret, that you can manually enter in your TOTP app instead.
-
-   ![Screenshot of the "Setup authenticator app" section of the 2FA settings. A link, labeled "setup key", is highlighted in orange.](/assets/images/help/2fa/ghes-3.8-and-higher-2fa-wizard-app-click-code.png)
-1. The TOTP application saves your account on {% data variables.location.product_location %} and generates a new authentication code every few seconds. On {% data variables.product.product_name %}, type the code into the field under "Verify the code from the app".
-{%- else %}
-1. Under "Two-factor authentication", select **Set up using an app** and click **Continue**.
-1. Under "Authentication verification", do one of the following:
-    - Scan the QR code with your mobile device's app. After scanning, the app displays a six-digit code that you can enter on {% data variables.product.product_name %}.
-    - If you can't scan the QR code, click **enter this text code** to see a code that you can manually enter in your TOTP app instead.
-    ![Screenshot of the 2FA enablement page. A link with the text "enter this text code" is highlighted in orange.](/assets/images/help/2fa/2fa-wizard-app-click-code.png)
-1. The TOTP application saves your account on {% data variables.location.product_location %} and generates a new authentication code every few seconds. On {% data variables.product.product_name %}, type the code into the field under "Enter the six-digit code from the application".
-{%- endif %}
+{% data reusables.two_fa.enable-totp-app-method %}
 {% data reusables.two_fa.save_your_recovery_codes_during_2fa_setup %}
 {% data reusables.two_fa.backup_options_during_2fa_enrollment %}
-{% ifversion ghes < 3.9 %}{% data reusables.two_fa.test_2fa_immediately %}{% endif %}
 
-If you wish to setup a TOTP app manually, and require the parameters encoded in the QR code, they are:
-- Type: `TOTP`
-- Label: `GitHub:<username>` where `<username>` is your handle on GitHub, for example `monalisa`
-- Secret: This is the encoded setup key, shown if you click {%- ifversion fpt or ghec or ghes > 3.8 %}"setup key"{%- else %}"enter this text code"{%- endif %} during configuration
-- Issuer: `GitHub`
-- Algorithm: The default of SHA1 is used
-- Digits: The default of 6 is used
-- Period: The default of 30 (seconds) is used
+### Manually configuring a TOTP app
+
+{% data reusables.two_fa.manual-totp-app-setup %}
 
 {% ifversion fpt or ghec %}
 
 ## Configuring two-factor authentication using text messages
 
 If you're unable to configure a TOTP app, you can also register your phone number to receive SMS messages.
 
-Before using this method, be sure that you can receive text messages. Carrier rates may apply.
-
-{% warning %}
-
-**Warning:** We **strongly recommend** using a TOTP application for two-factor authentication instead of SMS, and security keys as backup methods instead of SMS. {% data variables.product.product_name %} doesn't support sending SMS messages to phones in every country. Before configuring authentication via text message, review the list of countries where {% data variables.product.product_name %} supports authentication via SMS. For more information, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/countries-where-sms-authentication-is-supported)".
-
-{% endwarning %}
+{% data reusables.two_fa.sms-warning %}
 
 {% data reusables.user-settings.access_settings %}
 {% data reusables.user-settings.security %}
 {% data reusables.two_fa.enable-two-factor-authentication %}
-1. At the bottom of the page, next to "SMS authentication", click **Select**.
-1. Complete the CAPTCHA challenge, which helps protect against spam and abuse.
-1. Under "Setup SMS authentication", select your country code and type your mobile phone number, including the area code. When your information is correct, click **Send authentication code**.
-1. You'll receive a text message with a security code. On {% data variables.product.product_name %}, type the code into the field under "Verify the code sent to your phone" and click **Continue**.
-   - If you need to edit the phone number you entered, you'll need to complete another CAPTCHA challenge.
+{% data reusables.two_fa.enable-sms-number-method %}
 {% data reusables.two_fa.save_your_recovery_codes_during_2fa_setup %}
 {% data reusables.two_fa.backup_options_during_2fa_enrollment %}
 

content/authentication/securing-your-account-with-two-factor-authentication-2fa/disabling-two-factor-authentication-for-your-personal-account.md

@@ -18,18 +18,20 @@ shortTitle: Disable 2FA
 {% data reusables.two_fa.mandatory-2fa-contributors-2023 %}
 {% endif %}
 
-We strongly recommend using two-factor authentication to secure your account. If you need to disable 2FA, we recommend re-enabling it as soon as possible.
-
-{% ifversion mandatory-2fa-dotcom-contributors %}
-If you are part of the group that {% data variables.product.prodname_dotcom %} is requiring to enroll in 2FA in 2023, you cannot disable 2FA. A banner will display in your authentication settings to remind you that you are not allowed to disable 2FA. For more information about our 2023 2FA enrollment rollout for contributors to {% data variables.product.prodname_dotcom_the_website %}, see [this blog post](https://github.blog/2023-03-09-raising-the-bar-for-software-security-github-2fa-begins-march-13).
-{% endif %}
-
 {% warning %}
 
 **Warning:** If you're a member{% ifversion fpt or ghec %}, billing manager,{% endif %} or outside collaborator to a public repository of an organization that requires two-factor authentication and you disable 2FA, you'll be automatically removed from the organization, and you'll lose your access to their repositories. To regain access to the organization, re-enable two-factor authentication and contact an organization owner.
 
 {% endwarning %}
 
+We strongly recommend using two-factor authentication (2FA) to secure your account. If you need to disable 2FA, we recommend re-enabling it as soon as possible.
+
+{% ifversion mandatory-2fa-dotcom-contributors %}
+If you are part of the group that {% data variables.product.prodname_dotcom %} is requiring to enroll in 2FA in 2023, you cannot disable 2FA. A banner will display in your authentication settings to remind you that you are not allowed to disable 2FA. For more information about our 2023 2FA enrollment rollout for contributors to {% data variables.product.prodname_dotcom_the_website %}, see [this blog post](https://github.blog/2023-03-09-raising-the-bar-for-software-security-github-2fa-begins-march-13).
+
+You can modify your existing 2FA configuration instead of disabling it entirely. For more information, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/changing-your-two-factor-authentication-method)."
+{% endif %}
+
 If your organization requires two-factor authentication and you're a member, owner, or an outside collaborator on a private repository of your organization, you must first leave your organization before you can disable two-factor authentication.
 
 To remove yourself from your organization:

content/authentication/securing-your-account-with-two-factor-authentication-2fa/index.md

@@ -18,7 +18,7 @@ children:
   - /configuring-two-factor-authentication-recovery-methods
   - /accessing-github-using-two-factor-authentication
   - /recovering-your-account-if-you-lose-your-2fa-credentials
-  - /changing-your-preferred-two-factor-authentication-method
+  - /changing-your-two-factor-authentication-method
   - /about-mandatory-two-factor-authentication
   - /countries-where-sms-authentication-is-supported
   - /disabling-two-factor-authentication-for-your-personal-account

data/reusables/two_fa/add-additional-method.md

@@ -0,0 +1,3 @@
+1. In "Two-factor methods", find the method you want to add. Next to that method, click **Add**.
+
+   ![Screenshot of the "Two-factor methods" settings. To the right of "SMS/Text message," a button labelled "Add" is outlined in orange.](/assets/images/help/2fa/add-sms-number-option.png)

data/reusables/two_fa/edit-existing-method.md

@@ -0,0 +1,3 @@
+1. In "Two-factor methods", find the method you want to modify. Next to that method, click **Edit**. If you have multiple methods configured, select {% octicon "kebab-horizontal" aria-label="Manage METHOD" %}, then click **Edit**.
+
+    ![Screenshot of the "Two-factor methods" settings. To the right of "Authenticator app," a dropdown menu, labeled with a kebab icon, is expanded and outlined in orange.](/assets/images/help/2fa/edit-2fa-method-dropdown.png)

data/reusables/two_fa/enable-sms-number-method.md

@@ -0,0 +1,5 @@
+1. Complete the CAPTCHA challenge, which helps protect against spam and abuse.
+1. Under "Verify account", select your country code and type your mobile phone number, including the area code. When your information is correct, click **Send authentication code**.
+1. You'll receive a text message with a security code. On {% data variables.product.product_name %}, type the code into the field under "Verify the code sent to your phone" and click **Continue**.
+
+   - If you need to edit the phone number you entered, you'll need to complete another CAPTCHA challenge.

data/reusables/two_fa/enable-totp-app-method.md

@@ -0,0 +1,22 @@
+{%- ifversion fpt or ghec or ghes > 3.8 %}
+1. Under "Scan the QR code", do one of the following:
+
+    - Scan the QR code with your mobile device's app. After scanning, the app displays a six-digit code that you can enter on {% data variables.product.product_name %}.
+    - If you can't scan the QR code, click **setup key** to see a code, the TOTP secret, that you can manually enter in your TOTP app instead.
+
+   ![Screenshot of the "Setup authenticator app" section of the 2FA settings. A link, labeled "setup key", is highlighted in orange.](/assets/images/help/2fa/ghes-3.8-and-higher-2fa-wizard-app-click-code.png)
+
+1. The TOTP application saves your account on {% data variables.location.product_location %} and generates a new authentication code every few seconds. On {% data variables.product.product_name %}, type the code into the field under "Verify the code from the app".
+{%- else %}
+1. Under "Two-factor authentication", select **Set up using an app** and click **Continue**.
+1. Under "Authentication verification", do one of the following:
+
+    - Scan the QR code with your mobile device's app. After scanning, the app displays a six-digit code that you can enter on {% data variables.product.product_name %}.
+    - If you can't scan the QR code, click **enter this text code** to see a code that you can manually enter in your TOTP app instead.
+
+    ![Screenshot of the 2FA enablement page. A link with the text "enter this text code" is highlighted in orange.](/assets/images/help/2fa/2fa-wizard-app-click-code.png)
+
+1. The TOTP application saves your account on {% data variables.location.product_location %} and generates a new authentication code every few seconds. On {% data variables.product.product_name %}, type the code into the field under "Enter the six-digit code from the application".
+{%- endif %}
+
+{% ifversion ghes < 3.9 %}{% data reusables.two_fa.test_2fa_immediately %}{% endif %}

data/reusables/two_fa/manual-totp-app-setup.md

@@ -0,0 +1,9 @@
+If you are unable to scan the setup QR code or wish to setup a TOTP app manually and require the parameters encoded in the QR code, they are:
+
+- Type: `TOTP`
+- Label: `GitHub:<username>` where `<username>` is your handle on {% data variables.product.prodname_dotcom %}, for example `monalisa`
+- Secret: This is the encoded setup key, shown if you click {%- ifversion fpt or ghec or ghes > 3.8 %} "Setup key" {%- else %} "Enter this text code" {%- endif %} during configuration
+- Issuer: `GitHub`
+- Algorithm: The default of SHA1 is used
+- Digits: The default of 6 is used
+- Period: The default of 30 (seconds) is used

data/reusables/two_fa/save-2fa-method-when-editing.md

@@ -0,0 +1 @@
+1. Click **Save** to save the method to your {% data variables.product.prodname_dotcom %} account.

data/reusables/two_fa/sms-warning.md

@@ -0,0 +1,7 @@
+Before using this method, be sure that you can receive text messages. Carrier rates may apply.
+
+{% warning %}
+
+**Warning:** We **strongly recommend** using a TOTP application for two-factor authentication instead of SMS, and security keys as backup methods instead of SMS. {% data variables.product.product_name %} doesn't support sending SMS messages to phones in every country. Before configuring authentication via text message, review the list of countries where {% data variables.product.product_name %} supports authentication via SMS. For more information, see "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/countries-where-sms-authentication-is-supported)."
+
+{% endwarning %}