GitHub urges users to enable 2FA after going passwordless
While SMS-based 2FA is also available, GitHub urges users to choose security keys or TOTPs wherever possible since SMS is less secure given that threat actors can bypass or steal SMS 2FA auth tokens.