How to remove me from the Force-to-use-2FA account list?

[NanaGlutamate]

Select Topic Area

Question

Body

I have build a release for a small repository of mine just for test, which triggered Force-to-use-2FA on me. But, it's not convenient to use 2FA in China. Since I've already delete the release of that repository, is there a way to remove me from the Force-to-use-2FA list?
releated blog: https://github.blog/news-insights/product-news/raising-the-bar-for-software-security-github-2fa-begins-march-13/

[s3raph-x00]

I know it's not convenient but I would use the Duo APK from https://dl.duosecurity.com/DuoMobile-latest.apk. There are a few work arounds for not being able to leverage the Google Play store's APIs/Push notification but the work arounds are roughly discussed here: https://www.coloradocollege.edu/offices/its/guides/mfa-china.html.

Another alternative is Microsoft Authenticator which Microsoft describes here:

https://support.microsoft.com/zh-cn/account-billing/%E5%9C%A8%E4%B8%AD%E5%9B%BD%E4%B8%8B%E8%BD%BDmicrosoft-authenticator-ebbef05c-a429-4236-8570-1bb1900fec35#ID0EBJ=Android

Hopefully that helps.

[NanaGlutamate]

thanks for your help, I will try it!

[Priyans17]

Once GitHub flags your account under the mandatory 2FA requirement for contributors to certain repositories, it usually cannot be reversed automatically just by deleting a release. The enforcement is based on activity such as publishing packages, releases, or contributing to ecosystems where GitHub requires stronger security.

A few important points:

The requirement is account-level, not repository-level.
Even if you delete the release or repository, GitHub may still keep the 2FA requirement on your account.

GitHub generally does not provide a way to opt out.
Since the March 13 rollout of mandatory 2FA for maintainers and contributors, users flagged by the system must enable it to continue performing certain actions.

You can still use 2FA without Google services.
If Google services are unavailable, these options work well:

TOTP authenticator apps like Microsoft Authenticator, Aegis, or FreeOTP (they work offline).

Hardware security keys (FIDO2/U2F like YubiKey).

Backup codes generated by GitHub after enabling 2FA.

Best workaround in restricted regions
Since TOTP is based on a shared secret and time synchronization, it does not require internet connectivity or Google Play services. Most authenticator apps will work normally even in restricted environments.

If you believe your account was incorrectly flagged, the only real option would be contacting GitHub Support and asking if they can review the enforcement status:
https://support.github.com/contact

[DeveloperVaibhav1]

I understand that the 2FA requirement is applied at the account level and may not be removed even if the release is deleted. If there is no way to opt out, I will try using an offline authenticator app like Aegis or Microsoft Authenticator. I will also contact GitHub Support to see if they can review my account.