Gitlab update, 2FA now mandatory

Mathias Homann Mathias.Homann at opensuse.org
Mon Oct 24 06:32:23 BST 2022 

Am Montag, 24. Oktober 2022, 01:16:30 CEST schrieb Jack:
> On 2022.10.23 02:32, Ben Cooksley wrote:
> > Hi all,
> > 
> > This afternoon I updated invent.kde.org to the latest version of
> > Gitlab,
> > 15.5.
> > Release notes for this can be found at
> > https://about.gitlab.com/releases/2022/10/22/gitlab-15-5-released/
> > 
> > There isn't much notable feature wise in this release, however there
> > have
> > been some bug fixes surrounding the "Rebase without Pipeline"
> > functionality that was introduced in an earlier update.
> > 
> > As part of securing Invent against recently detected suspicious
> > activity I
> > have also enabled Mandatory 2FA, which Gitlab will ask you to
> > configure
> > next time you access it. This can be done using either a Webauthn
> > token
> > (such as a Yubikey) or TOTP (using the app of choice on your phone)
> > 
> > Should you lose access to your 2FA device you can obtain a recovery
> > token
> > to log back in via SSH, see
> > https://docs.gitlab.com/ee/user/profile/account/two_factor_authentication.
> > html#generate-new-recovery-codes-using-ssh for more details on this.
> > 
> > Please let us know if there are any queries on the above.
> > 
> > Thanks,
> > Ben
> 
> Sorry to be dense, but without a webauthn token device, it seems I'm at
> a total block if I don't have a phone (or don't have it with me.)  Is
> that correct, or is there some fine manual I need to read?

There is (at least) OTPClient on linux, and 2Fast on windows that can both 
manage your 2FA keys for you in the same way that an app on a phone would. I'm 
in fact using them both, and keep my keys in sync by importing exports from 
FreeOTP+ which I use on my phone.


Cheers
MH


-- 
Mathias Homann
Mathias.Homann at openSUSE.org
Jabber (XMPP): lemmy at tuxonline.tech
Matrix: @mathias:eregion.de
IRC: [Lemmy] on freenode and ircnet (bouncer active)
keybase: https://keybase.io/lemmy
gpg key fingerprint: 8029 2240 F4DD 7776 E7D2 C042 6B8E 029E 13F2 C102
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/kde-community/attachments/20221024/1e4d6fa2/attachment.sig>

More information about the kde-community mailing list