Authentication
Protect your account in 3 steps
Your GitLab account provides access to everything your team is working on. Keep their projects safe.
- Choose a strong, secure password. Bonus points if you generate and store it in a password management system.
- Enable two-factor authentication (2FA). This one-time secret code is an additional safeguard that keeps intruders out—even if they have your password.
- Add a back-up email. Can’t log into GitLab? Lost access to your primary email account? Our support team can use your back-up email to help you log in fast.
Your account checklist
- Save/print your recovery codes. If you can’t access your authentication device, you’ll need these to log in to your GitLab account.
- Secure every user account. Enforce 2FA for all users (highly recommended for self-managed admins); otherwise, users must individually enable this protection.
- Add an SSH key to your profile. Users often forget to save their recovery codes. With an SSH key on your profile, you can generate new codes over SSH as needed.
- Enable personal access tokens. When using 2FA, you’ll need these to access the GitLab API.
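For self-managed admins who want to see which accounts still lack 2FA before enforcing it, the following is an added example (not GitLab's own code) that uses a personal access token against the users API. It assumes an administrator's token, since the `two_factor_enabled` attribute is only returned to administrators; the instance URL, helper names and sample records are constructed for illustration.

```python
import json
import urllib.request


def users_without_2fa(fetch_page):
    """Return sorted usernames of active, human accounts that have not enabled 2FA.

    fetch_page(page) must return (list_of_user_dicts, next_page_or_None).
    """
    missing, page = [], 1
    while page:
        users, page = fetch_page(page)
        for user in users:
            # Blocked/deactivated accounts and bot users cannot sign in interactively.
            if user.get("state") != "active" or user.get("bot"):
                continue
            if not user.get("two_factor_enabled"):
                missing.append(user["username"])
    return sorted(missing)


def gitlab_fetcher(base_url, token):
    """Build a fetch_page function for a live instance (needs network access)."""
    def fetch(page):
        req = urllib.request.Request(
            f"{base_url}/api/v4/users?per_page=100&page={page}",
            headers={"PRIVATE-TOKEN": token},  # personal access token, never a password
        )
        with urllib.request.urlopen(req) as resp:
            nxt = resp.headers.get("X-Next-Page")  # empty on the last page
            return json.load(resp), (int(nxt) if nxt else None)
    return fetch


# Constructed sample data standing in for two pages of API results.
SAMPLE_PAGES = {
    1: ([{"username": "alice", "state": "active", "two_factor_enabled": True},
         {"username": "dana", "state": "active", "two_factor_enabled": False}], 2),
    2: ([{"username": "carol", "state": "blocked", "two_factor_enabled": False},
         {"username": "ci-bot", "state": "active", "bot": True, "two_factor_enabled": False},
         {"username": "bob", "state": "active", "two_factor_enabled": False}], None),
}


def sample_fetcher(page):
    return SAMPLE_PAGES[page]


if __name__ == "__main__":
    # Offline run; swap in gitlab_fetcher("https://gitlab.example.com", token) for a real audit.
    print(users_without_2fa(sample_fetcher))
```

Read the token from an environment variable or a secrets manager rather than hard-coding it in the script.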
I hope you found this quick guide useful! For more security best practices, check out this blog.