TOTPs not required for WebAuthn device

Review changes
Download
Patches
Plain diff

Jon Glassman requested to merge webauth-totp into master Feb 07, 2023

Overview 70
Commits 11
Pipelines 12
Changes 1

What does this MR do?

Previously, you had to use a time-based one-time password (TOTP) before you could add a WebAuthn device as a two-factor authentication (2FA) method on your GitLab account. From GitLab 15.9, you can add a WebAuthn device as your 2FA method without having to use a TOTP. You must download recovery codes when adding a WebAuthn device as your 2FA method so you can recover access to your account if you are locked out. This documentation changes reflects this. See gitlab-com/www-gitlab-com!117506 (merged) for the release post item MR.

This change also clarifies that:

A WebAuthn device is bound to a particular web browser on a specific computer.
When you set up a WebAuthn device, you enter a device name and password, and you might not need to enter this password if you have signed in through your identity provider.
Clearing the browser data could lead to the user unable to sign-in and they would need to set up the device again.

Author's checklist

Optional. Consider taking the GitLab Technical Writing Fundamentals course.
Follow the:
If you're adding or changing the main heading of the page (H1), ensure that the product tier badge is added.
If you are a GitLab team member, request a review based on:
- The documentation page's metadata.
- The associated Technical Writer.

If you are a GitLab team member and only adding documentation, do not add any of the following labels:

~"frontend"
~"backend"
~"type::bug"
~"database"

These labels cause the MR to be added to code verification QA issues.

Reviewer's checklist

Documentation-related MRs should be reviewed by a Technical Writer for a non-blocking review, based on Documentation Guidelines and the Style Guide.

If you aren't sure which tech writer to ask, use roulette or ask in the #docs Slack channel.

If the content requires it, ensure the information is reviewed by a subject matter expert.
Technical writer review items:
- Ensure docs metadata is present and up-to-date.
- Ensure the appropriate labels are added to this MR.
- Ensure a release milestone is set.
- If relevant to this MR, ensure content topic type principles are in use, including:
  - The headings should be something you'd do a Google search for. Instead of Default behavior, say something like Default behavior when you close an issue.
  - The headings (other than the page title) should be active. Instead of Configuring GDK, say something like Configure GDK.
  - Any task steps should be written as a numbered list.
  - If the content still needs to be edited for topic types, you can create a follow-up issue with the docs-technical-debt label.
Review by assigned maintainer, who can always request/require the reviews above. Maintainer's review can occur before or after a technical writer review.

Edited Feb 13, 2023 by Jon Glassman

Merge request reports

Assignee Loading

Reviewers Loading

Request review from

Loading

Time tracking Loading