Paul Cochrane 🇪🇺
iam-py-testEffective 27 April, GitLab will require MFA, according to an email sent to GitLab users.
This only includes gitlab.com, not self-managed instances. Accounts which exclusively use Single Sign On will not be required to enable MFA.
Users who do not enable MFA before the deadline will be automatically opted-in to MFA using a token sent to the email associated with the account.
GitLab recommends anyone using password authentication for the GitLab API migrate to using Personal Access Tokens.
GitLab's email does not cite a reason for the change, but the likely motivation is the threat of supply chain attacks on open source projects.