gitlab-org--gitlab-foss/doc/profile/two_factor_authentication.md
2015-08-18 15:56:38 -07:00

2.6 KiB

Two-factor Authentication (2FA)

Two-factor Authentication (2FA) provides an additional level of security to your GitLab account. Once enabled, in addition to supplying your username and password to login, you'll be prompted for a code generated by an application on your phone.

By enabling 2FA, the only way someone other than you can log into your account is to know your username and password and have access to your phone.

Note

When you enable 2FA, don't forget to back up your recovery codes. For your safety, if you lose your codes for GitLab.com, we can't disable or recover them.

Enabling 2FA

In GitLab:

  1. Log in to your GitLab account.
  2. Go to your Profile Settings.
  3. Go to Account.
  4. Click Enable Two-factor Authentication.

Two-factor setup

On your phone:

  1. Install a compatible application. We recommend Google Authenticator proprietary or FreeOTP open source.
  2. In the application, add a new entry in one of two ways:
    • Scan the code with your phone's camera to add the entry automatically.
    • Enter the details provided to add the entry manually.

In GitLab:

  1. Enter the six-digit pin number from the entry on your phone into the Pin code field.
  2. Click Submit.

If the pin you entered was correct, you'll see a message indicating that Two-factor Authentication has been enabled, and you'll be presented with a list of recovery codes.

Recovery Codes

Should you ever lose access to your phone, you can use one of the ten provided backup codes to login to your account. We suggest copying or printing them for storage in a safe place. Each code can be used only once to log in to your account.

If you lose the recovery codes or just want to generate new ones, you can do so from the Profile Settings > Account page where you first enabled 2FA.

Logging in with 2FA Enabled

Logging in with 2FA enabled is only slightly different than a normal login. Enter your username and password credentials as you normally would, and you'll be presented with a second prompt for an authentication code. Enter the pin from your phone's application or a recovery code to log in.

Two-factor authentication on sign in

Disabling 2FA

  1. Log in to your GitLab account.
  2. Go to your Profile Settings.
  3. Go to Account.
  4. Click Disable Two-factor Authentication.

Note to GitLab administrators

You need to take special care to that 2FA keeps working after restoring a GitLab backup.