Change of policy on GitLab account creation/login?

Dave Cooper david.cooper at
Tue Oct 23 21:37:12 UTC 2018


I just saw the announcement on the site. Thanks for following up on this.

Couple question:

  o Do we have to buy some kind of hardware keys now?

  o Will the 2FA affect git push & pull as well? Or just logging in to the
actual website?



On Sun, Oct 7, 2018 at 21:34 Raymond Toy <toy.raymond at> wrote:

> On Sun, Oct 7, 2018 at 11:14 AM Erik Huelsmann <ehuels at> wrote:
>> Given that situation and's experience, I wasn't going to
>> submit myself to a maintenance burden like that. However, now that we have
>> 2FA and we can require accounts to be blocked until they set up 2FA, I'm
>> thinking that's an additional barrier on entry, which I hope is enough to
>> keep spammers out.
> That seems quite reasonable.
>>> Are you going to require 2FA for existing accounts as well?  And what
>>> 2FA methods will you support?  SMS?  Google Authenticator app?  Security
>>> (FIDO) keys?  (I'm finally going to set up 2FA for my personal accounts
>>> using security keys, so this comes at a good time. I've had to add 2FA to
>>> my github account already, using the authenticator app.)
>> I've actually been using my FIDO key successfully to log into the admin
>> account for the last half year or so. While I can't force people to shell
>> out for a Yubi key v4 or v5, I'd love for people to get a U2F key at the
>> bare minimum. It used to be supported only by Chrome, but FireFox has U2F
>> support now too. (And my experience over the past 6 months has been with
>> FireFox exclusively.)
>> U2F keys exist at reasonable prices of less than 10$.
> That's quite reasonable for the security.  It is a bit of a hassle because
> when I'm at home, since I won't be carrying a key with me, but I guess I
> should just get more keys to plug into my computers
My Best,

Dave Cooper, david.cooper at,
+1 248-330-2979
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the clo-devel mailing list