Eclipse openK User Modules issueshttps://gitlab.eclipse.org/groups/eclipse/openk-usermodules/-/issues2023-12-13T16:43:43Zhttps://gitlab.eclipse.org/eclipse/openk-usermodules/org.eclipse.openk-usermodules.elogbook/-/issues/1Enforcing 2FA on Gitlab Accounts2023-12-13T16:43:43ZTiago LucasEnforcing 2FA on Gitlab AccountsDear project committers, \
I would like to bring to your attention that the security team at the Eclipse Foundation will soon be requiring that accounts with committer privileges on gitlab.eclipse.org activate 2FA access control. \
The p...Dear project committers, \
I would like to bring to your attention that the security team at the Eclipse Foundation will soon be requiring that accounts with committer privileges on gitlab.eclipse.org activate 2FA access control. \
The plans, along with details on the importance of this change, have been [shared on the committers mailing list](https://www.eclipse.org/lists/eclipse.org-committers/msg01397.html). \
As included in the announcement, we are opening this ticket to inform you and track the activation of 2FA on accounts belonging to this projects’ members. \
To keep in mind, starting on on the **30th of October** you’ll likely see a banner each time you access GitLab reminding you to activate 2FA in your account. \
The deadline is **December the 4th**, by which access to your account will be limited until you activate 2FA. It is highly recommended that you enroll in this process before the deadline.
GitLab offers [instructions](https://gitlab.eclipse.org/help/user/profile/account/two_factor_authentication.md) on every step of the process and we’re happy to answer any question you might have. \
Thank you!
/cc @mbarbero
## FAQ
### How can I activate 2FA for my [gitlab.eclipse.org](https://gitlab.eclipse.org) account?
Detailed [instructions](https://gitlab.eclipse.org/help/user/profile/account/two_factor_authentication.md) are available. In a nutshell, visit [gitlab.eclipse.org/-/profile/two_factor_auth](https://gitlab.eclipse.org/-/profile/two_factor_auth) and follow the on-screen instructions.
If the form asks you for a password in order to set up 2FA on your account, this is not your Eclipse account’s password. It is a known bug on Gitlab that some accounts are requested a “local” password despite having one in the Active Directory. \
You should request a [password reset](https://gitlab.eclipse.org/-/profile/password/edit) and use that same password for this form. This process *does not* change your Eclipse account password.
### Do I need to purchase a hardware token for account access?
No. GitLab supports two 2FA methods:
_Time-based One Time Password_ (TOTP) compatible with mobile apps like Google Authenticator or Authy, and several password managers such as Bitwarden or 1Password.
_WebAuthN_, which necessitates a hardware token, typically a USB key (examples include [Solo 2 key](https://solokeys.com/) or [Yubikey](https://www.yubico.com/la-cle-yubikey/yubikey-5-series/)). These tokens are sometimes referred to as FIDO2 keys.
### How will this affect my [gitlab.eclipse.org](https://gitlab.eclipse.org) accounts?
In the near future, 2FA will become mandatory for authentication on your accounts. Should you not have enrolled by the deadline we communicated to you, access to the platform will be restricted.
### I already have 2FA enabled on [gitlab.eclipse.org](https://gitlab.eclipse.org), do I need to do anything?
No, you’re all good.
### What do I do if I lose my 2FA device?
We highly recommend the utilization of diverse secondary authentication methods. In the event that you misplace all your secondary authentication elements, recovery codes will be the only way to restore account access. By securely storing your recovery codes, you'll ensure the ability to regain access.
Note that the Eclipse IT team may be able to recover access to accounts with 2FA enabled if both the 2FA credentials and account recovery methods are lost. This will require extra identity verification and direct contact with [security@eclipse-foundation.org](mailto:security@eclipse-foundation.org) or [webmaster@eclipse-foundation.org](mailto:webmaster@eclipse-foundation.org).