GitCreating a GitHub Account

Creating a GitHub Account

Signing up for GitHub takes five minutes. Setting it up properly — picking a good username, turning on two-factor auth, choosing the right email privacy settings — takes another ten. Do both before you push your first commit; the choices you make now show up in every commit URL, every PR, every code search result, for the rest of your career.

Step-by-step signup

  • Go to github.com and click Sign up.

  • Enter your email address. Use a personal address you will keep — not your school or current-employer email.

  • Pick a password. Use a password manager; do not reuse one from another site.

  • Pick a username (more on this below).

  • Solve the puzzle CAPTCHA. Confirm via the code emailed to you.

  • Skip the survey questions if you want — you can always edit later.

  • Choose the free plan unless you know you need something else.

Picking a good username

Your username shows up in every URL: github.com/your-name, every commit author link, every PR you open in someone else's repo. It is hard (but not impossible) to change later, and renaming breaks old links. Choose like you mean it.

  • Lowercase, short, easy to type. jsmith beats John_Smith_1992.

  • Looks fine on a resume and a sticker. If you would not put it on a CV, skip it.

  • Avoid current employer names — you will leave that job.

  • Avoid year numbers — they age badly.

  • Real name or close to it is fine and often preferred for professional accounts.

  • Reserved characters: only letters, digits, and single hyphens are allowed.

Turn on 2FA immediately

GitHub now requires two-factor authentication for anyone who contributes to public repositories. Even if you are not yet required, turn it on today — your account holds keys, tokens, and code that attackers want.

  • Go to Settings → Password and authentication → Two-factor authentication.

  • Recommended primary method: a TOTP app (1Password, Authy, Aegis, Google Authenticator).

  • Even better: a hardware security key (YubiKey, Titan) as a second factor.

  • Avoid SMS if you can — SIM-swap attacks are real.

  • Save the recovery codes somewhere safe. If you lose your phone and have no recovery code, your account is gone.

Profile setup

  • Avatar — upload a recognisable image. Default identicons are fine for bots, not for people.

  • Display name — your real name is the safe choice for a professional account.

  • Bio — one line. What you do, in plain English.

  • Pronouns, location, website, social — fill in what you want public.

  • Profile README — see below for the special repo trick.

The profile README trick

If you create a repository whose name exactly matches your username and put a README.md inside it, that README is shown on your profile page. This is how people get those fancy profile landing pages.

Create the magic repo

Bash
# Replace 'jsmith' with your username
gh repo create jsmith --public --add-readme
git clone https://github.com/jsmith/jsmith.git
cd jsmith
# Edit README.md — anything you put here shows on your profile
Public vs private email

Every commit you push records the email in git config user.email. If that is your personal address, it ends up baked into public commit history forever. GitHub offers a no-reply email of the form <id>+<username>@users.noreply.github.com that hides your real address.

Use GitHub's no-reply email for commits

Bash
# Look up your no-reply address in Settings -> Emails.
# Then set it as your commit email globally:
git config --global user.email "12345678+jsmith@users.noreply.github.com"

# Or per-repository if you only want it on one project:
git config user.email "12345678+jsmith@users.noreply.github.com"

Also turn on Settings → Emails → Block command line pushes that expose my email so you cannot accidentally leak your real address from the wrong machine.

Settings to enable on day one

  • Two-factor authentication — as covered above. Non-negotiable.

  • Vigilant mode (Settings → SSH and GPG keys → Vigilant mode) — flags unsigned commits with an "Unverified" badge so impersonation is harder.

  • SSH key — set one up now (see SSH Keys page). Stops you typing passwords forever.

  • Notification preferences — most people get nuked by GitHub email. Mute repos you do not care about; switch to web-only notifications if you live in the GitHub UI.

  • Theme — Settings → Appearance. Dark mode if you like dark mode.

  • Sessions — periodically review Settings → Sessions and revoke devices you no longer use.

  • Authorized OAuth apps — review what has access. Revoke anything you do not recognise.

What your dashboard looks like on day one

Empty account, freshly set up

Text
+---------------------------------------------+
|  GitHub                                     |
|  +---------+   +-----------------------+    |
|  | Your    |   |  Activity feed         |   |
|  | repos:0 |   |  (empty for now)       |   |
|  +---------+   +-----------------------+    |
|                                             |
|  Quickstart: create your first repository   |
+---------------------------------------------+
Warning
Never reuse your GitHub password on any other site. GitHub accounts are constantly targeted because compromising one often means stealing source code, secrets in repos, deploy keys, and access to npm/PyPI publishing rights. Use a password manager and a unique long password — and that 2FA.
Your username is your brand
Once you start pushing commits, opening issues, and showing up in search results, your GitHub username becomes part of your professional identity. You will see it cited in job applications, talks, and your own resume. Pick something you will be happy seeing on a slide in five years.
Tip
Add your SSH key in the same session you create the account — you will be cloning a repo within minutes and the password prompts get old fast. Jump to the SSH Keys page when you are done here.