|
| 1 | +# Two-Factor Authentication |
| 2 | + |
| 3 | +Using two-factor authentication verifies a user's identity with two methods, adding extra security to ensure only authorized individuals can access an account, even if the password is compromised. |
| 4 | + |
| 5 | +If you choose to enable two-factor authentication, at every login you will need to provide: |
| 6 | +- Username or email & password (normal login credentials) |
| 7 | +- One-time security code via app |
| 8 | + |
| 9 | +## Enable Two-factor Authentication (2FA) |
| 10 | + |
| 11 | +To enable Two-factor Authentication with a one-time password: |
| 12 | + |
| 13 | +In the Hugging Face Hub: |
| 14 | +1. Go to your [Authentication settings](https://hf.co/settings/authentication) |
| 15 | +2. Select Add Two-Factor Authentication |
| 16 | + |
| 17 | +On your device (usually your phone): |
| 18 | +1. Install a compatible application. For example: |
| 19 | + - Authy |
| 20 | + - Google Authenticator |
| 21 | + - Microsoft Authenticator |
| 22 | + - FreeOTP |
| 23 | +2. In the application, add a new entry in one of two ways: |
| 24 | + - Scan the code displayed on screen Hub with your device’s camera to add the entry automatically |
| 25 | + - Enter the details provided to add the entry manually |
| 26 | + |
| 27 | +In Hugging Face Hub: |
| 28 | +1. Enter the six-digit pin number from your authentication device into "Code" |
| 29 | +2. Save |
| 30 | + |
| 31 | +<div class="flex justify-center"> |
| 32 | + <img class="block dark:hidden" src="https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/hub/two-fa/settings.png"/> |
| 33 | + <img class="hidden dark:block" src="https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/hub/two-fa/settings-dark.png" /> |
| 34 | +</div> |
| 35 | + |
| 36 | +If you entered the correct pin, the Hub displays a list of recovery codes. Download them and keep them in a safe place. |
| 37 | + |
| 38 | +## Recovery codes |
| 39 | + |
| 40 | +Right after you've successfully activated 2FA with a one-time password, you're requested to download a collection of generated recovery codes. If you ever lose access to your one-time password authenticator, you can use one of these recovery codes to log in to your account. |
| 41 | + |
| 42 | +- Each code can be used only **once** to sign in to your account |
| 43 | +- You should copy and print the codes, or download them for storage in a safe place. If you choose to download them, the file is called **huggingface-recovery-codes.txt** |
| 44 | + |
| 45 | +<div class="flex justify-center"> |
| 46 | + <img class="block dark:hidden" src="https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/hub/two-fa/recovery-codes.png"/> |
| 47 | + <img class="hidden dark:block" src="https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/hub/two-fa/recovery-codes-dark.png" /> |
| 48 | +</div> |
| 49 | + |
| 50 | +If you lose the recovery codes, or want to generate new ones, you can use the [Authentication settings](https://hf.co/settings/authentication) page. |
| 51 | + |
| 52 | +## Regenerate two-factor authentication recovery codes |
| 53 | + |
| 54 | +To regenerate 2FA recovery codes: |
| 55 | +1. Access your [Authentication settings](https://hf.co/settings/authentication) |
| 56 | +2. If you’ve already configured 2FA, select Recovery Code |
| 57 | +3. Click on Regenerate recovery codes |
| 58 | + |
| 59 | +<Tip warning={true}> |
| 60 | +If you regenerate 2FA recovery codes, save them. You can’t use any previously created recovery codes. |
| 61 | +</Tip> |
| 62 | + |
| 63 | +## Sign in with two-factor authentication enabled |
| 64 | + |
| 65 | +When you sign in with 2FA enabled, the process is only slightly different than the standard sign-in procedure. After entering your username and password, you'll encounter an additional prompt, depending on the type of 2FA you've set up. When prompted, provide the pin from your one-time password authenticator's app or a recovery code to complete the sign-in process. |
| 66 | + |
| 67 | +<div class="flex justify-center"> |
| 68 | + <img class="block dark:hidden" src="https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/hub/two-fa/totp-confirm.png"/> |
| 69 | + <img class="hidden dark:block" src="https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/hub/two-fa/totp-confirm-dark.png" /> |
| 70 | +</div> |
| 71 | + |
| 72 | +## Disable two-factor authentication |
| 73 | + |
| 74 | +To disable 2FA: |
| 75 | +1. Access your [Authentication settings](https://hf.co/settings/authentication) |
| 76 | +2. Click on "Remove". |
| 77 | + |
| 78 | +This clears all your 2FA registrations. |
| 79 | + |
| 80 | +## Recovery options |
| 81 | + |
| 82 | +If you no longer have access to your authentication device, you can still recover access to your account: |
| 83 | + |
| 84 | +- Use a saved recovery code, if you saved them when you enabled two-factor authentication |
| 85 | +- Requesting help with two-factor authentication |
| 86 | + |
| 87 | +### Use a recovery code |
| 88 | + |
| 89 | +To use a recovery code: |
| 90 | +1. Enter your username or email, and password, on the [Hub sign-in page](https://hf.co/login) |
| 91 | +2. When prompted for a two-factor code, click on "Lost access to your two-factor authentication app? Use a recovery code" |
| 92 | +3. Enter one of your recovery codes |
| 93 | + |
| 94 | +After you use a recovery code, you cannot re-use it. You can still use the other recovery codes you saved. |
| 95 | + |
| 96 | +### Requesting help with two-factor authentication |
| 97 | + |
| 98 | +In case you've forgotten your password and lost access to your two-factor authentication credentials, you can reach out to support (website@huggingface.co) to regain access to your account. You'll be required to verify your identity using a recovery authentication factor, such as an SSH key or personal access token. |
0 commit comments