Blog Company How to keep your GitLab account safe (and accessible)
Published on August 9, 2018
3 min read

How to keep your GitLab account safe (and accessible)

Some practical tips from the Support Team to make sure you can get into your account when (not if!) disaster strikes.


The Support Team has seen a lot of unfortunate situations where people have lost access to their accounts for very preventable reasons. Here are some quick tips to keep your account secure and to ensure you're always able to log in.

1. Use 2FA (and print your recovery codes)

More and more people are setting up two-factor authentication (2FA) to keep their account secure, but things do happen to that second factor. Phones get lost or stolen, and suddenly you’re locked out of your account. Please do set up 2FA, but also make sure you keep a backup of your recovery codes.

If you've got access to a printer: print them!

Maybe even better? Store a copy of your recovery codes in a password manager so you won’t lose them.

2. Set up an SSH key (so that you can generate new recovery codes)

Did you know that you can generate recovery codes with an SSH key? If you somehow lost your recovery codes, you can generate new ones by simply running ssh [email protected] 2fa_recovery_codes. So, even if you don’t use SSH much, it might pay off to have a key added to your GitLab account.

3. Add a backup email on your account

Many of our users have vanity or company domains on their accounts. But, what happens if you leave the company or forget to pay your domain registration? Suddenly you’re unable to receive password reset emails and are writing into Support from an unknown email address (it's difficult for the Support Team to verify your identity if you contact us from a different email address).

Go ahead and use a custom domain, but consider having a backup email address from a well-known public provider.

4. Use your real name on your account profile

When we’re evaluating whether or not to restore an account or remove 2FA, it makes the call harder when the name on the account is L33T H4X0R (unless, of course, that’s what is on your passport). We understand if you prefer not to include your real name for privacy reasons, but do know that we may be unable to help you recover your accounts if all of the above have not been implemented. If your real name isn't an option, consider adding other online identities to your profile.

Hopefully these tips will help you secure and access your accounts. For the security and privacy of our users, the Support Team is required to be very stringent when it comes to helping you recover your accounts. We hope that this article will help you stay in control at all times!

Photo by Jon Moore on Unsplash

We want to hear from you

Enjoyed reading this blog post or have questions or feedback? Share your thoughts by creating a new topic in the GitLab community forum. Share your feedback

Ready to get started?

See what your team could do with a unified DevSecOps Platform.

Get free trial

New to GitLab and not sure where to start?

Get started guide

Learn about what GitLab can do for your team

Talk to an expert