GitLab Support is no longer processing MFA resets for free users

[Ink]

Content source

https://about.gitlab.com/blog/2020/08/04/gitlab-support-no-longer-processing-mfa-resets-for-free-users/

Today our users are starting to face attack-vectors that were previously unheard of on GitLab.com. As a result, we don’t want our security practices to be only going through the motions of security. We’ve all seen examples of companies whose Multi-Factor Authentication (MFA) reset policies negate the security benefits of MFA on accounts.

Today we’re announcing a change that will put account security wholly in the hands of our users.

If you are caught where you are not able to provide your MFA token and without these backup methods, your account will be irrecoverable.

 

[TairikuOkami]

One of the reasons, I enable 2FA, only when I have to. I have seen way too many people to complain, that they can not regain access their accounts with 2FA enabled, sometimes the service is at fault. Well they can not, if there is a good 2FA in place. I like 2FA with multiple options, like SMS or email.