2015-06-02 18:39:20 -04:00
# Two-factor Authentication (2FA)

Two-factor Authentication (2FA) provides an additional level of security to your
GitLab account. Once enabled, in addition to supplying your username and
password to log in, you'll be prompted for a code generated by an application on
your phone.

By enabling 2FA, the only way someone other than you can log into your account
is to know your username and password *and* have access to your phone.

## Enabling 2FA

**In GitLab:**

1. Log in to your GitLab account.
1. Go to your **Profile Settings**.
1. Go to **Account**.
1. Click **Enable Two-factor Authentication**.

![Two-factor setup](2fa.png)

**On your phone:**

1. Install a compatible application. We recommend [Google Authenticator]
    \(proprietary\) or [FreeOTP] \(open source\).
1. In the application, add a new entry in one of two ways:
    * Scan the code with your phone's camera to add the entry automatically.
    * Enter the details provided to add the entry manually.

**In GitLab:**

1. Enter the six-digit pin number from the entry on your phone into the **Pin
    code** field.
1. Click **Submit**.

If the pin you entered was correct, you'll see a message indicating that
Two-factor Authentication has been enabled, and you'll be presented with a list
of recovery codes.

## Recovery Codes

Should you ever lose access to your phone, you can use one of the ten provided
backup codes to log in to your account. We suggest copying or printing them for
storage in a safe place. **Each code can be used only once** to log in to your
account.

If you lose the recovery codes or just want to generate new ones, you can do so
from the **Profile Settings** > **Account** page where you first enabled 2FA.

## Logging in with 2FA Enabled

Logging in with 2FA enabled is only slightly different than a normal login.
Enter your username and password credentials as you normally would, and you'll
be presented with a second prompt for an authentication code. Enter the pin from
your phone's application or a recovery code to log in.

![Two-factor authentication on sign in](2fa_auth.png)

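The second prompt described above accepts either the pin from the phone or a recovery code. The following sketch of that server-side check is an added example, not GitLab's code: it assumes the phone application produces RFC 6238 time-based codes, and `totp`, `new_recovery_codes`, `SecondFactor` and the hashed storage of recovery codes are hypothetical choices made for the illustration.

```python
import base64
import hashlib
import hmac
import secrets
import struct

STEP = 30  # seconds each pin is valid for (the RFC 6238 default)
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"  # RFC 6238 test key, base32


def totp(secret_b32, unix_time, digits=6):
    """RFC 6238 time-based code (HMAC-SHA1) for the given Unix time."""
    key = base64.b32decode(secret_b32.upper())
    counter = struct.pack(">Q", int(unix_time) // STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def new_recovery_codes(count=10):
    return [secrets.token_hex(8) for _ in range(count)]  # shown to the user once


def _digest(code):
    return hashlib.sha256(code.encode()).hexdigest()


class SecondFactor:
    """Hypothetical per-account 2FA state; storing only hashes is an assumption."""
    def __init__(self, secret_b32, recovery_codes):
        self.secret = secret_b32
        self.recovery_hashes = {_digest(c) for c in recovery_codes}
        self.last_step = -1  # newest time step already accepted

    def verify(self, submitted, now):
        """Return "pin", "recovery", or None when the code is rejected."""
        current = int(now) // STEP
        for step in (current - 1, current, current + 1):  # allow clock drift
            if step <= self.last_step:
                continue  # this time step was already used: no replay
            pin = totp(self.secret, step * STEP)
            if hmac.compare_digest(pin.encode(), submitted.encode()):
                self.last_step = step
                return "pin"
        if _digest(submitted) in self.recovery_hashes:
            self.recovery_hashes.discard(_digest(submitted))  # single use
            return "recovery"
        return None
```
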
## Disabling 2FA

1. Log in to your GitLab account.
1. Go to your **Profile Settings**.
1. Go to **Account**.
1. Click **Disable Two-factor Authentication**.

## Note to GitLab administrators

You need to take special care that 2FA keeps working after
[restoring a GitLab backup](../raketasks/backup_restore.md).

[Google Authenticator]: https://support.google.com/accounts/answer/1066447?hl=en
[FreeOTP]: https://fedorahosted.org/freeotp/