How to keep your GitLab account safe (and accessible)

Aug 9, 2018
Lyle Kozloff

The Support Team has seen a lot of unfortunate situations where people have lost access to their accounts for very preventable reasons. Here are some quick tips to keep your account secure and to ensure you're always able to log in.

1. Use 2FA (and print your recovery codes)

More and more people are setting up two-factor authentication (2FA) to keep their account secure, but things do happen to that second factor. Phones get lost or stolen, and suddenly you’re locked out of your account. Please do set up 2FA, but also make sure you keep a backup of your recovery codes.

If you've got access to a printer: print them!

Maybe even better? Store a copy of your recovery codes in a password manager so you won’t lose them.

2. Set up an SSH key (so that you can generate new recovery codes)

Did you know that you can generate recovery codes with an SSH key? If you somehow lose your recovery codes, you can generate new ones by running ssh git@gitlab.com 2fa_recovery_codes. So, even if you don’t use SSH much, it might pay off to have a key added to your GitLab account.
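As an added example (not part of the original post and not GitLab's own tooling), the functions below run the recovery-code command over SSH and keep an owner-only copy of the new codes, tying tips 1 and 2 together. Assumptions: the account is on gitlab.com, your SSH key is already added to it, and each code is printed on its own line as 16 lowercase hex characters; the function names and the `GITLAB_SSH_TARGET` variable are hypothetical.

```sh
#!/bin/sh
# Added example, not GitLab's own tooling.
# Assumptions: the account lives on gitlab.com, your SSH key is already added to it,
# and each recovery code is printed on its own line as 16 lowercase hex characters.
GITLAB_SSH_TARGET="${GITLAB_SSH_TARGET:-git@gitlab.com}"

# extract_codes: stdin = raw command output; stdout = one recovery code per line.
extract_codes() {
    sed 's/^[[:space:]]*//; s/[[:space:]]*$//' | grep -E '^[0-9a-f]{16}$'
}

# save_codes FILE: keep only the codes from stdin and store them readable by the owner only.
save_codes() {
    rc_codes="$(extract_codes || true)"
    if [ -z "$rc_codes" ]; then
        echo "no recovery codes found in the output; nothing written" >&2
        return 1
    fi
    # umask in a subshell so a new file is never created group- or world-readable.
    ( umask 077; printf '%s\n' "$rc_codes" > "$1" ) || return 1
    chmod 600 "$1"
}

# regenerate_codes FILE: ask GitLab for new codes (it prompts for confirmation and
# the previously issued codes stop working), show the output, and save the codes.
regenerate_codes() {
    ssh "$GITLAB_SSH_TARGET" 2fa_recovery_codes | tee /dev/stderr | save_codes "$1"
}

# Usage (interactive): regenerate_codes "$HOME/gitlab-recovery-codes.txt"
```

Print the saved file or move its contents into a password manager, then delete the file.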

3. Add a backup email on your account

Many of our users have vanity or company domains on their accounts. But, what happens if you leave the company or forget to pay your domain registration? Suddenly you’re unable to receive password reset emails and are writing into Support from an unknown email address (it's difficult for the Support Team to verify your identity if you contact us from a different email address).

Go ahead and use a custom domain, but consider having a backup email address from a well-known public provider.

4. Use your real name on your account profile

When we’re evaluating whether or not to restore an account or remove 2FA, it makes the call harder when the name on the account is L33T H4X0R (unless, of course, that’s what is on your passport). We understand if you prefer not to include your real name for privacy reasons, but do know that we may be unable to help you recover your accounts if all of the above have not been implemented. If your real name isn't an option, consider adding other online identities to your profile.

Hopefully these tips will help you secure and access your accounts. For the security and privacy of our users, the Support Team is required to be very stringent when it comes to helping you recover your accounts. We hope that this article will help you stay in control at all times!

Photo by Jon Moore on Unsplash
