Skip to content

Commit 022c6b2

Browse files
lunnytechknowlogicksilverwind
authored and
GiteaBot
committed
add mfa doc (go-gitea#26654)
copy and modified from go-gitea#14572 > Whilst debating enforcing MFA within our team, I realised there isn't a lot of context to the side effects of enabling it. Most of us use Git over HTTP and would need to add a token. I plan to add another PR that adds a sentence to the UI about needing to generate a token when enabling MFA if HTTP is to be used. --------- Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: silverwind <me@silverwind.io>
1 parent e1fa3d1 commit 022c6b2

File tree

1 file changed

+35
-0
lines changed

1 file changed

+35
-0
lines changed

docs/content/usage/multi-factor-authentication.en-us.md

+35
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,35 @@
1+
---
2+
date: "2023-08-22T14:21:00+08:00"
3+
title: "Usage: Multi-factor Authentication (MFA)"
4+
slug: "multi-factor-authentication"
5+
weight: 15
6+
toc: false
7+
draft: false
8+
menu:
9+
sidebar:
10+
parent: "usage"
11+
name: "Multi-factor Authentication (MFA)"
12+
weight: 15
13+
identifier: "multi-factor-authentication"
14+
---
15+
16+
# Multi-factor Authentication (MFA)
17+
18+
Multi-factor Authentication (also referred to as MFA or 2FA) enhances security by requiring a time-sensitive set of credentials in addition to a password.
19+
If a password were later to be compromised, logging into Gitea will not be possible without the additional credentials and the account would remain secure.
20+
Gitea supports both TOTP (Time-based One-Time Password) tokens and FIDO-based hardware keys using the Webauthn API.
21+
22+
MFA can be configured within the "Security" tab of the user settings page.
23+
24+
## MFA Considerations
25+
26+
Enabling MFA on a user does affect how the Git HTTP protocol can be used with the Git CLI.
27+
This interface does not support MFA, and trying to use a password normally will no longer be possible whilst MFA is enabled.
28+
If SSH is not an option for Git operations, an access token can be generated within the "Applications" tab of the user settings page.
29+
This access token can be used as if it were a password in order to allow the Git CLI to function over HTTP.
30+
31+
> **Warning** - By its very nature, an access token sidesteps the security benefits of MFA.
32+
> It must be kept secure and should only be used as a last resort.
33+
34+
The Gitea API supports providing the relevant TOTP password in the `X-Gitea-OTP` header, as described in [API Usage](development/api-usage.md).
35+
This should be used instead of an access token where possible.

0 commit comments

Comments
 (0)