How to Enable Two Factor Authentication on GitHub and GitLab
Why 2FA?
2FA, or two factor authentication, is a security mechanism by which a new login is granted only after the user presents a second piece of evidence of identity, the first one being the usual username and password pair. The second piece of evidence is typically one of:
- Mobile authenticator application generating time-based one-time codes (TOTP; recommended)
- Hardware token or security key
- SMS
- Printed recovery codes
Nowadays it is very easy for an attacker to gain unauthorized access to an account that is protected only by a password: passwords get phished, reused across sites and leaked in breaches. 2FA, done right, makes this much harder and, hence, the account more secure. At RidgeRun we enforce 2FA on GitHub and GitLab (or any other online source code management platform being used) for the sake of security and privacy.
Note: You should really use 2FA on all your online accounts.
Side Effects of 2FA
When enabling two factor authentication on GitHub and GitLab, two things will change:
- A second authentication mechanism will be required for a new login.
- Your password will stop working for Git operations over HTTPS (clone, fetch, push); use SSH keys or a Personal Access Token instead.
Personal Access Tokens
A Personal Access Token (PAT) is used instead of your password to interact with repositories over HTTPS. The advantage is that you can generate several tokens and fine-tune the permissions (scopes) and expiry date of each of them.
Here are some rules of thumb:
- Use SSH cloning (git@github.com:RidgeRun/repo) whenever possible.
- Don't upload an SSH key from a shared device.
- Create a separate PAT for each script or integration, so that one can be revoked without breaking the others.
- Revoke PATs that are not being used.
- Make sure you only grant the permissions that are strictly necessary.
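The rules above can be checked mechanically. The following is an added example, not RidgeRun's tooling: it rewrites HTTPS remotes into the SSH form for `git remote set-url`, flags remotes that carry a token in the URL (which would sit in plain text in `.git/config`), and compares the scopes a classic GitHub PAT actually has against the ones a script needs. GitHub reports a token's scopes in the `X-OAuth-Scopes` header of any authenticated API response; the header value, the remote URLs and the token `ghp_0000EXAMPLE` used here are all constructed for the demo.

```python
# Added example (not RidgeRun's tooling): checks for the PAT and SSH rules of thumb
# above. Remote URLs and the token in them are constructed for the demo.
import re
from urllib.parse import urlsplit

SCP_STYLE_SSH = re.compile(r"^[\w.-]+@[\w.-]+:")  # git@github.com:Org/repo.git


def to_ssh_url(url: str) -> str:
    """Rewrite an HTTPS remote into its SSH form for `git remote set-url`.
    SSH remotes pass through unchanged; any user:token embedded in an HTTPS URL
    is dropped rather than copied into the result."""
    if SCP_STYLE_SSH.match(url) or url.startswith("ssh://"):
        return url
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"not an HTTP(S) Git URL: {url!r}")
    path = parts.path.strip("/")
    if not path.endswith(".git"):
        path += ".git"
    return f"git@{parts.hostname}:{path}"


def embedded_credentials(url: str) -> bool:
    """True if the remote URL carries userinfo. A PAT pasted as user:token (or as the
    bare username) ends up in plain text in .git/config and in `git remote -v` output."""
    parts = urlsplit(url)
    return parts.scheme in ("http", "https") and bool(parts.username or parts.password)


def audit_remote(url: str) -> list:
    """Findings for one remote URL; empty when it already follows the rules."""
    findings = []
    if embedded_credentials(url):
        findings.append("credentials embedded in remote URL: revoke the token, "
                        "use a credential helper or SSH")
    if urlsplit(url).scheme in ("http", "https"):
        findings.append(f"HTTPS remote; prefer SSH: git remote set-url origin {to_ssh_url(url)}")
    return findings


def excess_scopes(x_oauth_scopes: str, required: set) -> set:
    """Scopes a classic GitHub PAT carries beyond what a script needs. GitHub reports a
    token's scopes in the comma-separated X-OAuth-Scopes header of any authenticated
    API response; anything returned here means the token is over-privileged."""
    granted = {s.strip() for s in x_oauth_scopes.split(",") if s.strip()}
    return granted - set(required)


# Constructed sample remotes; "ghp_0000EXAMPLE" is not a real token.
SAMPLE_REMOTES = [
    "https://github.com/RidgeRun/repo.git",
    "https://gitlab.com/ridgerun/group/repo",
    "https://alice:ghp_0000EXAMPLE@github.com/RidgeRun/repo.git",
    "git@github.com:RidgeRun/repo.git",
]

if __name__ == "__main__":
    for remote in SAMPLE_REMOTES:
        print(remote, "->", audit_remote(remote) or "ok")
    # Constructed header value, as a CI script that only needs `repo` might see it.
    print("excess scopes:", excess_scopes("repo, read:org, admin:org", {"repo"}))
```

Run `git remote -v` in each clone and feed the URLs to `audit_remote`; a token that shows up embedded in a URL should be treated as leaked and revoked, not just removed from the config. For GitLab the same over-privilege check applies, using the scopes listed on the token's settings page.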
GitHub
2FA
To enable 2FA on GitHub you may follow the official GitHub instructions.
Note: Prefer a TOTP authenticator application over SMS for 2FA; SMS codes can be intercepted or redirected (for example by SIM swapping).
Personal Access Token
To create a Personal Access Token on GitHub you may follow the official GitHub instructions.
Note: Make sure you only grant the permissions (scopes) that are strictly necessary, and set an expiry date.
GitLab
2FA
To enable 2FA on GitLab you may follow the official GitLab instructions.
Note: Prefer a TOTP authenticator application over SMS for 2FA; SMS codes can be intercepted or redirected (for example by SIM swapping).
Personal Access Token
To create a Personal Access Token on GitLab you may follow the official GitLab instructions.
Note: Make sure you only grant the permissions (scopes) that are strictly necessary, and set an expiry date.