mirror of
https://github.com/go-gitea/gitea.git
synced 2025-12-20 15:30:29 +01:00
35 lines
1.4 KiB
Markdown
35 lines
1.4 KiB
Markdown
---
|
|
date: "2021-02-04T18:00:00+00:00"
|
|
title: "Usage: Multi-factor Authentication (MFA)"
|
|
slug: "multi-factor-authentication"
|
|
weight: 15
|
|
toc: false
|
|
draft: false
|
|
menu:
|
|
sidebar:
|
|
parent: "usage"
|
|
name: "Multi-factor Authentication (MFA)"
|
|
weight: 15
|
|
identifier: "multi-factor-authentication"
|
|
---
|
|
|
|
# Multi-factor Authentication (MFA)
|
|
|
|
Multi-factor Authentication (also referred to as MFA or 2FA) enhances security by requiring a time-sensitive set of credentials in addition to a password.
|
|
If a password were later to be compromised, Gitea would still not allow a successful login and the account would remain secure.
|
|
Gitea supports both TOTP (Time-based One-Time Password) tokens and FIDO-based hardware keys.
|
|
|
|
MFA can be configured within the "Security" tab of the user settings page.
|
|
|
|
## Using MFA
|
|
|
|
Enabling MFA on a user does affect how the Git HTTP protocol and the Gitea API can be used.
|
|
These interfaces do not support MFA, and trying to use a password normally will no longer be possible whilst MFA is enabled.
|
|
However, an access token can be generated within the "Applications" tab of the user settings page.
|
|
This access token can be used as if it were a password in order to use these interfaces.
|
|
|
|
> **Warning** - By its very nature, an access token sidesteps the security benefits of MFA.
|
|
> It must be kept secure and should only be used as a last resort.
|
|
|
|
Using Git over SSH is separate to the normal authentication process and will still function normally.
|