In the same way, to use 2FA you must first link (synchronize) your smartphone with the GitLab server, such that the server can later check that you still own this smartphone. When you create your account you must define your password, such that the GitLab server can verify your identity when you come back. If the password AND the PIN code you type are correct, your are properly authenticated. If the PIN code you type is correct, it means you are the owner of the smartphone (or at least that you are able to unlock the smartphone). Unlike a classical password, this generated PIN code changes overtime.
This app generates a PIN code that you must enter when you login. To show you are the owner of the smartphone, you must use an app called a One-Time-Password generator (OTP). and using something you only should own: usually your smartphone.using something you only should know: your password.
When 2FA is enabled, your identity is verified twice when you login (with 2 factors): To add an additional layer of protection, you can (and should) configure 2-Factor Authentication (2FA). But still, by default all your work on GitLab is protected by a single password, which could be guessed or stolen. GitLab is a very powerful tool, and it also implements decent security measures and protections.
0 kommentar(er)
