Commit ca665d01 authored by Marc Schwede's avatar Marc Schwede Committed by Filipa Lacerda

Resolve "2FA mobile options should be rephrased"

parent 8e349069
%p.slead %p.slead
Should you ever lose your phone, each of these recovery codes can be used one Should you ever lose your phone or access to your one time password secret, each of these recovery codes can be used one
time each to regain access to your account. Please save them in a safe place, or you time each to regain access to your account. Please save them in a safe place, or you
%b will %b will
lose access to your account. lose access to your account.
......
...@@ -6,13 +6,13 @@ ...@@ -6,13 +6,13 @@
.row.prepend-top-default .row.prepend-top-default
.col-lg-4 .col-lg-4
%h4.prepend-top-0 %h4.prepend-top-0
Register Two-Factor Authentication App Register Two-Factor Authenticator
%p %p
Use an app on your mobile device to enable two-factor authentication (2FA). Use an one time password authenticator on your mobile device or computer to enable two-factor authentication (2FA).
.col-lg-8 .col-lg-8
- if current_user.two_factor_otp_enabled? - if current_user.two_factor_otp_enabled?
%p %p
You've already enabled two-factor authentication using mobile authenticator applications. In order to register a different device, you must first disable two-factor authentication. You've already enabled two-factor authentication using one time password authenticators. In order to register a different device, you must first disable two-factor authentication.
%p %p
If you lose your recovery codes you can generate new ones, invalidating all previous codes. If you lose your recovery codes you can generate new ones, invalidating all previous codes.
%div %div
......
---
title: Rephrase 2FA and TOTP documentation and view
merge_request: 21998
author: Marc Schwede
type: other
...@@ -2,18 +2,18 @@ ...@@ -2,18 +2,18 @@
Two-factor Authentication (2FA) provides an additional level of security to your Two-factor Authentication (2FA) provides an additional level of security to your
GitLab account. Once enabled, in addition to supplying your username and GitLab account. Once enabled, in addition to supplying your username and
password to login, you'll be prompted for a code generated by an application on password to login, you'll be prompted for a code generated by your one time password
your phone. authenticator. For example, a password manager on one of your devices.
By enabling 2FA, the only way someone other than you can log into your account By enabling 2FA, the only way someone other than you can log into your account
is to know your username and password *and* have access to your phone. is to know your username and password *and* have access to your one time password secret.
## Overview ## Overview
> **Note:** > **Note:**
When you enable 2FA, don't forget to back up your recovery codes. When you enable 2FA, don't forget to back up your recovery codes.
In addition to a phone application, GitLab supports U2F (universal 2nd factor) devices as In addition to one time authenticators (TOTP), GitLab supports U2F (universal 2nd factor) devices as
the second factor of authentication. Once enabled, in addition to supplying your username and the second factor of authentication. Once enabled, in addition to supplying your username and
password to login, you'll be prompted to activate your U2F device (usually by pressing password to login, you'll be prompted to activate your U2F device (usually by pressing
a button on it), and it will perform secure authentication on your behalf. a button on it), and it will perform secure authentication on your behalf.
...@@ -24,10 +24,10 @@ from other browsers. ...@@ -24,10 +24,10 @@ from other browsers.
## Enabling 2FA ## Enabling 2FA
There are two ways to enable two-factor authentication: via a mobile application There are two ways to enable two-factor authentication: via a one time password authenticator
or a U2F device. or a U2F device.
### Enable 2FA via mobile application ### Enable 2FA via one time password authenticator
**In GitLab:** **In GitLab:**
...@@ -82,7 +82,7 @@ Click on **Register U2F Device** to complete the process. ...@@ -82,7 +82,7 @@ Click on **Register U2F Device** to complete the process.
> **Note:** > **Note:**
Recovery codes are not generated for U2F devices. Recovery codes are not generated for U2F devices.
Should you ever lose access to your phone, you can use one of the ten provided Should you ever lose access to your one time password authenticator, you can use one of the ten provided
backup codes to login to your account. We suggest copying or printing them for backup codes to login to your account. We suggest copying or printing them for
storage in a safe place. **Each code can be used only once** to log in to your storage in a safe place. **Each code can be used only once** to log in to your
account. account.
...@@ -98,7 +98,7 @@ be presented with a second prompt, depending on which type of 2FA you've enabled ...@@ -98,7 +98,7 @@ be presented with a second prompt, depending on which type of 2FA you've enabled
### Log in via mobile application ### Log in via mobile application
Enter the pin from your phone's application or a recovery code to log in. Enter the pin from your one time password authenticator's application or a recovery code to log in.
![Two-Factor Authentication on sign in via OTP](img/2fa_auth.png) ![Two-Factor Authentication on sign in via OTP](img/2fa_auth.png)
......
...@@ -42,7 +42,7 @@ describe 'Using U2F (Universal 2nd Factor) Devices for Authentication', :js do ...@@ -42,7 +42,7 @@ describe 'Using U2F (Universal 2nd Factor) Devices for Authentication', :js do
it 'allows registering a new device with a name' do it 'allows registering a new device with a name' do
visit profile_account_path visit profile_account_path
manage_two_factor_authentication manage_two_factor_authentication
expect(page).to have_content("You've already enabled two-factor authentication using mobile") expect(page).to have_content("You've already enabled two-factor authentication using one time password authenticators")
u2f_device = register_u2f_device u2f_device = register_u2f_device
...@@ -70,7 +70,7 @@ describe 'Using U2F (Universal 2nd Factor) Devices for Authentication', :js do ...@@ -70,7 +70,7 @@ describe 'Using U2F (Universal 2nd Factor) Devices for Authentication', :js do
it 'allows deleting a device' do it 'allows deleting a device' do
visit profile_account_path visit profile_account_path
manage_two_factor_authentication manage_two_factor_authentication
expect(page).to have_content("You've already enabled two-factor authentication using mobile") expect(page).to have_content("You've already enabled two-factor authentication using one time password authenticators")
first_u2f_device = register_u2f_device first_u2f_device = register_u2f_device
second_u2f_device = register_u2f_device(name: 'My other device') second_u2f_device = register_u2f_device(name: 'My other device')
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment