With the release of GitLab 8.9, GitLab now supports the FIDO Universal 2nd Factor (U2F) protocol for user authentication with the added layer of hardware security from YubiKey. We're excited to expand our authentication capabilities to include U2F devices. U2F changes the game for online authentication because it uses public key cryptography and has built-in support to prevent phishing. This higher level of authentication enables developers to maintain the security of their servers, code, sites, and more from a single source.

Importance of account security

With the steady rise of new devices and the growing capabilities of existing ones, the average user logs into networks, applications, or platforms from a variety of different devices. While device flexibility is great from a user perspective, it represents significant security challenges for organizations and developers. Each new access point makes it tougher to fend off malicious attacks particularly phishing while maintaining the integrity of accounts and systems.

Support for U2F YubiKey

YubiKeys reduce the number of steps you have to take to access your accounts, while still maintaining usability and providing secure authentication with just a touch of the YubiKey. With U2F, you can now authenticate by inserting their YubiKey into the USB port when prompted. You'll activate your YubiKey by simply pressing the button on the device.

The same U2F YubiKey that works with GitLab also works for logging into a growing number of other services, including Google, Dropbox, and Dashlane, without any personal data or encryption secrets shared between service providers. With YubiKeys, there are no drivers or client software to install.

Enabling two-factor authentication via U2F

GitLab has supported two-factor authentication since the release of GitLab 7.11, adding device-enabled 2nd factor authentication provides an additional layer of security. If you're interested in enabling two-factor authentication with a U2F device, follow the steps in our documentation. Of course, you have the option to choose the authentication method that is best for you.

30天免费试用极狐GitLab专业版

极狐GitLab不仅是源代码管理或CI/CD工具,它是一个覆盖完整软件开发生命周期和DevOps的开放式一体化平台。

免费试用
Git为Software Freedom Conservancy的注册商标,GitLab为GitLab B.V.的注册商标,我们已获授权使用“极狐GitLab”。 鄂ICP备2021008419号-1

免费试用极狐GitLab 30天

有疑问? 联系我们

Gitlab x icon svg