documentation: Add page on Multi-factor Authentication

Author: jamesorlakin

docs/content/doc/usage/multi-factor-authentication.en-us.md

@@ -0,0 +1,34 @@
+---
+date: "2021-02-04T18:00:00+00:00"
+title: "Usage: Multi-factor Authentication (MFA)"
+slug: "multi-factor-authentication"
+weight: 15
+toc: false
+draft: false
+menu:
+  sidebar:
+    parent: "usage"
+    name: "Multi-factor Authentication (MFA)"
+    weight: 15
+    identifier: "multi-factor-authentication"
+---
+
+# Multi-factor Authentication (MFA)
+
+Multi-factor Authentication (also referred to as MFA or 2FA) enhances security by requiring a time-sensitive set of credentials in addition to a password.
+If a password were later to be compromised, Gitea would still not allow a successful login and the account would remain secure.
+Gitea supports both TOTP (Time-based One-Time Password) tokens and FIDO-based hardware keys.
+
+MFA can be configured within the "Security" tab of the user settings page.
+
+## Using MFA
+
+Enabling MFA on a user does affect how the Git HTTP protocol and the Gitea API can be used.
+These interfaces do not support MFA, and trying to use a password normally will no longer be possible whilst MFA is enabled.
+However, an access token can be generated within the "Applications" tab of the user settings page.
+This access token can be used as if it were a password in order to use these interfaces.
+
+> **Warning** - By its very nature, an access token sidesteps the security benefits of MFA.
+> It must be kept secure and should only be used as a last resort.
+
+Using Git over SSH is separate to the normal authentication process and will still function normally.