Settings for “Two-Factor Authentication” in GitLab are located at:
User -> Settings -> Account
Press the green button: “Enable two-factor authentication”
GitLab will require you to register a 2FA app as a fallback first, before a U2F device can be registered. I used the FreeOTP app, which is available for Android and iOS.
- Press the QR code button in the app and scan the QR code displayed in the settings dialog. This will add a new item for your GitLab account to the app.
- Tap on the new item to generate a code and enter this code into the ‘Pin code’ form.
- The next screen will show recovery keys for the 2FA. Store them in a safe place.
Now you will be asked for a one-time PIN every time you log into GitLab.
The next step is to register the YubiKey as a U2F device.
- Open the two-factor authentication dialog again. (It is now called “Manage two-factor authentication”.)
- Press “Setup new U2F device”
- The browser should ask you to tap your U2F device. Do it.
- Enter a name for the device and press “Register U2F device”
Now you should be able to log in to GitLab with your YubiKey as the second factor.