Today our users are starting to face attack-vectors that were previously unheard of on GitLab.com. As a result, we don’t want our security practices to be only going through the motions of security. We’ve all seen examples of companies whose Multi-Factor Authentication (MFA) reset policies negate the security benefits of MFA on accounts.
Today we’re announcing a change that will put account security wholly in the hands of our users.
If you are caught where you are not able to provide your MFA token and without these backup methods, your account will be irrecoverable.