GitLab Enables Passkeys for Passwordless 2FA

💡Phishing-proof 2FA with biometrics secures your GitLab ML repos effortlessly.

⚡ 30-Second TL;DR

What Changed

Passwordless sign-in or auto-default 2FA via fingerprint/face/PIN

Why It Matters

Improves secure access for AI devs managing repos/pipelines, aligning with industry MFA pushes.

What To Do Next

Who should care:Developers & AI Engineers

Web-grounded analysis with 9 cited sources.

•GitLab is implementing mandatory MFA in a phased rollout over coming months, notifying user groups based on activity to enable methods like passkeys before deadlines[1].
•A high-severity 2FA bypass vulnerability (CVE-2026-0723) was patched in GitLab versions 18.6.4, 18.7.2, and 18.8.2, affecting CE/EE prior versions via forged device responses[2][3].
•GitLab introduced compromised password detection on June 19, 2025, alerting users during sign-in if credentials match known breached databases[6].

Mandatory MFA rollout will enforce passkey adoption by mid-2026

Phased implementation targets active users first, requiring MFA setup before sign-in deadlines to minimize disruptions[1].

Passkeys reduce 2FA bypass risks post-CVE-2026-0723 patches

WebAuthn private keys staying on-device prevent forged responses exploited in the vulnerability affecting earlier versions[2][3].

2025-06

Introduced compromised password detection during sign-in

2026-01

Began Email OTP rollout as mandatory minimum 2FA

2026-01

Disclosed and patched CVE-2026-0723 2FA bypass vulnerability

2026-02

Enabled passkeys for passwordless 2FA as default MFA option

Factual claims are grounded in the sources below. Forward-looking analysis is AI-generated interpretation.

Weekly AI Recap

Read this week's curated digest of top AI events →

Same topic

Explore #passkeys

Same product