Setting up Two-factor Authentication
Why Two-factor Authentication?
While it is important to have a strong password, to gain extra security, e.g. in case your password or device ever gets compromised, it is a good idea to configure Two-factor Authentication for your account.
With Two-factor Authentication, you will be asked for an authentication code generated using your phone in addition to your password when logging into Codeberg.
That way, your account cannot be compromised even if your password does get compromised, as long as your phone stays safe.
How to set up Two-factor Authentication
You will need an authenticator app installed on your phone.
Step 1: Navigate to your user settings
Step 2: Navigate to the Security tab and click on the Enroll button
Step 3: Scan the QR code and enter the verification code
After scanning the QR code with your app, enter the six-digit code displayed in your app into the "Passcode" field of the settings form, then click "Verify".
Step 4: Store your scratch token in a safe place
If your phone ever breaks, get lost or stolen, you can recover your account using the scratch token.
That token is showed to you right after setting up 2FA:
Please store that token in a safe place.
Step 5: Done!
That's it - you have now configured 2FA for your account.
From now on, each time you log into Codeberg, you will be asked for an authentication code from your app, adding a layer of security over using only a password.
Personal access token
If you push via HTTP (see Clone & Commit via HTTP), an extra step will be needed to create a personal access token. This token will replace your normal password (+ authentication code) on Codeberg.
In your profile settings on Codeberg.org, go to the
In the section
Manage Access Tokens, add a
Token Name and confirm by clicking on the green
Make sure you save the generated token in a safe place, because it will not be shown again.
When asked for your password, just supply the token.
You can create as many token as you like: one for each computer, one for each Git client, one for each session... you decide! You can also revoke tokens at any time by pressing the red
Delete next to the token (see previous screenshot).
Hey there! 👋 Thank you for reading this article!
Is there something missing or do you have an idea on how to improve the documentation? Do you want to write your own article?
For an introduction on contributing to Codeberg Documentation, please have a look at the Contributor FAQ.