Merge branch 'security' into 'master'

Added note about backing up recovery codes Several people have tried to recover their 2FA codes. I think we could be more clear about it in the docs. This is why I added a section about it at the top, so they read it before enabling them. https://twitter.com/deathgreps/status/632006221814464512 https://twitter.com/benniemosher/status/633768429313372160 See merge request !1923
author: Job van der Voort <job@gitlab.com> 2015-08-19 10:27:03 +0000
committer: Job van der Voort <job@gitlab.com> 2015-08-19 10:27:03 +0000
commit: 3659d3b5c6eb645756b3df79a22471f8695f133b (patch)
tree: 5426364e53fc50d4e72e891e5bb5ef051edf7cff
parent: 72a425fa6656b397feb6c4d5bfec7b251cf2675d (diff)
parent: b04914ab4629be1af093736725e43bf5586a092e (diff)
download: gitlab-ce-3659d3b5c6eb645756b3df79a22471f8695f133b.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/doc/profile/two_factor_authentication.md b/doc/profile/two_factor_authentication.md
index f60ce35d3e2..a0e23c1586c 100644
--- a/doc/profile/two_factor_authentication.md
+++ b/doc/profile/two_factor_authentication.md
@@ -8,6 +8,10 @@ your phone.
 By enabling 2FA, the only way someone other than you can log into your account
 is to know your username and password *and* have access to your phone.
 
+#### Note
+When you enable 2FA, don't forget to back up your recovery codes. For your safety, if you
+lose your codes for GitLab.com, we can't disable or recover them.  
+
 ## Enabling 2FA
 
 **In GitLab:**
author	Job van der Voort <job@gitlab.com>	2015-08-19 10:27:03 +0000
committer	Job van der Voort <job@gitlab.com>	2015-08-19 10:27:03 +0000
commit	3659d3b5c6eb645756b3df79a22471f8695f133b (patch)
tree	5426364e53fc50d4e72e891e5bb5ef051edf7cff
parent	72a425fa6656b397feb6c4d5bfec7b251cf2675d (diff)
parent	b04914ab4629be1af093736725e43bf5586a092e (diff)
download	gitlab-ce-3659d3b5c6eb645756b3df79a22471f8695f133b.tar.gz