BigW Consortium Gitlab

two_factor_authentication.md 2.63 KB
Robert Speicher committed
# Two-factor Authentication (2FA)

Two-factor Authentication (2FA) provides an additional level of security to your
GitLab account. Once enabled, in addition to supplying your username and
password to log in, you'll be prompted for a code generated by an application on
your phone.

By enabling 2FA, the only way someone other than you can log into your account
is to know your username and password *and* have access to your phone.

#### Note
When you enable 2FA, don't forget to back up your recovery codes. For your safety, if you
lose your codes for GitLab.com, we can't disable or recover them.  

## Enabling 2FA

**In GitLab:**

1. Log in to your GitLab account.
1. Go to your **Profile Settings**.
1. Go to **Account**.
1. Click **Enable Two-factor Authentication**.

![Two-factor setup](2fa.png)

**On your phone:**

1. Install a compatible application. We recommend [Google Authenticator]
\(proprietary\) or [FreeOTP] \(open source\).
1. In the application, add a new entry in one of two ways:
    * Scan the code with your phone's camera to add the entry automatically.
    * Enter the details provided to add the entry manually.

**In GitLab:**

1. Enter the six-digit pin number from the entry on your phone into the **Pin
   code** field.
1. Click **Submit**.

If the pin you entered was correct, you'll see a message indicating that
Two-factor Authentication has been enabled, and you'll be presented with a list
of recovery codes.
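
The enrollment exchange above, sketched as an added example (not GitLab's own code): the server creates a shared secret, the phone app turns it into a six-digit pin, and 2FA is enabled only once a pin verifies. It assumes the RFC 6238 TOTP defaults (HMAC-SHA-1, 30-second step) that Google Authenticator and FreeOTP use; the `Enrollment` class, the one-step drift window, and the recovery-code format and hashing are hypothetical choices.

```python
import base64, hashlib, hmac, secrets, struct, time
from urllib.parse import quote

STEP, DIGITS = 30, 6  # assumed RFC 6238 defaults; the page only says "six-digit"

def totp(secret_b32, at=None):
    """Six-digit pin the phone app derives from the shared secret and the clock."""
    key = base64.b32decode(secret_b32)
    counter = int((time.time() if at is None else at) // STEP)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def provisioning_uri(secret_b32, account, issuer):
    """otpauth:// URI carried by the QR code; manual entry types the same secret."""
    label = quote(f"{issuer}:{account}")
    return f"otpauth://totp/{label}?secret={secret_b32}&issuer={quote(issuer)}"

class Enrollment:
    """Hypothetical server-side 2FA record for one account."""

    def __init__(self):
        self.secret = base64.b32encode(secrets.token_bytes(20)).decode()
        self.enabled = False
        self.recovery_hashes = set()

    def confirm(self, pin, at=None):
        """Enable 2FA only on a correct pin; return ten recovery codes once."""
        now = time.time() if at is None else at
        # Assumption: accept one step either side to tolerate phone clock drift.
        valid = [totp(self.secret, now + d * STEP) for d in (-1, 0, 1)]
        if not any(hmac.compare_digest(v.encode(), pin.encode()) for v in valid):
            return None
        codes = [secrets.token_hex(8) for _ in range(10)]  # constructed format
        # Assumption: keep only hashes, so a database leak does not expose codes.
        self.recovery_hashes = {hashlib.sha256(c.encode()).hexdigest() for c in codes}
        self.enabled = True
        return codes

    def use_recovery_code(self, code):
        """Each code logs in once: its hash is removed on first use."""
        digest = hashlib.sha256(code.encode()).hexdigest()
        if digest not in self.recovery_hashes:
            return False
        self.recovery_hashes.remove(digest)
        return True
```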

## Recovery Codes

Should you ever lose access to your phone, you can use one of the ten provided
backup codes to log in to your account. We suggest copying or printing them for
storage in a safe place. **Each code can be used only once** to log in to your
account.

If you lose the recovery codes or just want to generate new ones, you can do so
from the **Profile Settings** > **Account** page where you first enabled 2FA.

## Logging in with 2FA Enabled

Logging in with 2FA enabled is only slightly different than a normal login.
Enter your username and password credentials as you normally would, and you'll
be presented with a second prompt for an authentication code. Enter the pin from
your phone's application or a recovery code to log in.

![Two-factor authentication on sign in](2fa_auth.png)

## Disabling 2FA

1. Log in to your GitLab account.
1. Go to your **Profile Settings**.
1. Go to **Account**.
1. Click **Disable Two-factor Authentication**.

## Note to GitLab administrators

You need to take special care that 2FA keeps working after
[restoring a GitLab backup](../raketasks/backup_restore.md).

[Google Authenticator]: https://support.google.com/accounts/answer/1066447?hl=en
[FreeOTP]: https://fedorahosted.org/freeotp/