Add 2FA docsrs-2fa-docs

[ci skip]

2 files changed, 67 insertions, 1 deletions

diff --git a/doc/workflow/README.md b/doc/workflow/README.md
index 0fca68f364e..89005e51958 100644
--- a/doc/workflow/README.md
+++ b/doc/workflow/README.md
@@ -11,7 +11,8 @@
 - [Migrating from SVN to GitLab](migrating_from_svn.md)
 - [Project importing from GitHub to GitLab](import_projects_from_github.md)
 - [Project importing from GitLab.com to your private GitLab instance](import_projects_from_gitlab_com.md)
+- [Two-factor Authentication (2FA)](two_factor_authentication.md)
 - [Protected branches](protected_branches.md)
 - [Change your time zone](timezone.md)
 - [Keyboard shortcuts](shortcuts.md)
-- [Web Editor](web_editor.md)
\ No newline at end of file
+- [Web Editor](web_editor.md)
diff --git a/doc/workflow/two_factor_authentication.md b/doc/workflow/two_factor_authentication.md
new file mode 100644
index 00000000000..81f51042bff
--- /dev/null
+++ b/doc/workflow/two_factor_authentication.md
@@ -0,0 +1,65 @@
+# Two-factor Authentication (2FA)
+
+Two-factor Authentication (2FA) provides an additional level of security to your
+GitLab account. Once enabled, in addition to supplying your username and
+password to login, you'll be prompted for a code generated by an application on
+your phone.
+
+By enabling 2FA, the only way someone other than you can log into your account
+is to know your username and password *and* have access to your phone.
+
+## Enabling 2FA
+
+**In GitLab:**
+
+1. Log in to your GitLab account.
+1. Go to your **Profile Settings**.
+1. Go to **Acount**.
+1. Click **Enable Two-factor Authentication**.
+
+TODO: Insert screenshot of 2FA page (with the "Can't scan the code?" text)
+
+**On your phone:**
+
+1. Install a compatible application. We recommend [Google Authenticator].
+1. In the application, add a new entry in one of two ways:
+    * Scan the code with your phone's camera to add the entry automatically.
+    * Enter the details provided to add the entry manually.
+
+**In GitLab:**
+
+1. Enter the six-digit pin number from the entry on your phone into the **Pin
+   code** field.
+1. Click **Submit**.
+
+If the pin you entered was correct, you'll see a message indicating that
+Two-factor Authentication has been enabled, and you'll be presented with a list
+of recovery codes.
+
+## Recovery Codes
+
+Should you ever lose access to your phone, you can use one of the ten provided
+backup codes to login to your account. We suggest copying or printing them for
+storage in a safe place. **Each code can be used only once** to log in to your
+account.
+
+If you lose the recovery codes or just want to generate new ones, you can do so
+from the **Profile Settings** > **Acount** page where you first enabled 2FA.
+
+## Logging in with 2FA Enabled
+
+Logging in with 2FA enabled is only slightly different than a normal login.
+Enter your username and password credentials as you normally would, and you'll
+be presented with a second prompt for an authentication code. Enter the pin from
+your phone's application or a recovery code to log in.
+
+TODO: Insert screenshot of 2FA login prompt?
+
+## Disabling 2FA
+
+1. Log in to your GitLab account.
+1. Go to your **Profile Settings**.
+1. Go to **Acount**.
+1. Click **Disable Two-factor Authentication**.
+
+[Google Authenticator]: https://support.google.com/accounts/answer/1066447?hl=en