mirror of
https://gitea.com/gitea/docs.git
synced 2025-03-15 22:14:15 +00:00
Files
29 lines
1.4 KiB
Markdown
29 lines
1.4 KiB
Markdown
---
|
|
date: "2023-08-22T14:21:00+08:00"
|
|
slug: "multi-factor-authentication"
|
|
weight: 15
|
|
---
|
|
|
|
# Multi-factor Authentication (MFA)
|
|
|
|
Multi-factor Authentication (also referred to as MFA or 2FA) enhances security by requiring a time-sensitive set of credentials in addition to a password.
|
|
If a password were later to be compromised, logging into Gitea will not be possible without the additional credentials and the account would remain secure.
|
|
Gitea supports both TOTP (Time-based One-Time Password) tokens and FIDO-based hardware keys using the Webauthn API.
|
|
|
|
MFA can be configured within the "Security" tab of the user settings page.
|
|
|
|
## MFA Considerations
|
|
|
|
Enabling MFA on a user does affect how the Git HTTP protocol can be used with the Git CLI.
|
|
This interface does not support MFA, and trying to use a password normally will no longer be possible whilst MFA is enabled.
|
|
If SSH is not an option for Git operations, an access token can be generated within the "Applications" tab of the user settings page.
|
|
This access token can be used as if it were a password in order to allow the Git CLI to function over HTTP.
|
|
|
|
:::warning
|
|
By its very nature, an access token sidesteps the security benefits of MFA.
|
|
It must be kept secure and should only be used as a last resort.
|
|
:::
|
|
|
|
The Gitea API supports providing the relevant TOTP password in the `X-Gitea-OTP` header, as described in [API Usage](development/api-usage.md).
|
|
This should be used instead of an access token where possible.
|