Two-factor authentication #1210
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
The docs for this PR live here. All of your documentation changes will be reflected on that endpoint. The docs are available until 30 days after the last update. |
julien-c
reviewed
Feb 5, 2024
docs/hub/_toctree.yml
Outdated
| @@ -280,6 +280,8 @@ | |||
| sections: | |||
| - local: security-tokens | |||
| title: User Access Tokens | |||
| - local: security-two-factor-authentication | |||
There was a problem hiding this comment.
Suggested change
| - local: security-two-factor-authentication | |
| - local: security-mfa |
shorter?
| In case you've forgotten your password and lost access to your two-factor authentication credentials, you can reach out to support (website@huggingface.co) to regain access to your account. You'll be required to verify your identity using a recovery authentication factor, such as an SSH key. | ||
|
|
||
| To complete your recovery request, you'll need to confirm an alternative authentication factor. Choose a recovery verification method: | ||
| - If you've previously established an SSH key on this account, provide your public SSH key |
There was a problem hiding this comment.
note that there was an open issue (by @severo i think) to expose any user's SSH public keys
So in that case anyone would have this
There was a problem hiding this comment.
There was a problem hiding this comment.
I would just keep the very first line of this section for now I think :)
julien-c
reviewed
Feb 5, 2024
| @@ -0,0 +1,99 @@ | |||
| # Two-Factor Authentication | |||
|
|
|||
| Implementing two-factor authentication is a method of verifying a user's identity by using two separate authentication methods. This extra layer of security ensures that only authorized individuals can access an account, even if the password has been compromised. | |||
There was a problem hiding this comment.
this sounds a bit complex/verbose, let's simplify it?
There was a problem hiding this comment.
Suggested change
| Implementing two-factor authentication is a method of verifying a user's identity by using two separate authentication methods. This extra layer of security ensures that only authorized individuals can access an account, even if the password has been compromised. | |
| Adding an additional authentication factor ensures that only authorized individuals can access your account, even if the password has been compromised. |
?
There was a problem hiding this comment.
or even ... only you can access your account, even if your password has been compromised
Pierrci
reviewed
Feb 5, 2024
| @@ -0,0 +1,99 @@ | |||
| # Two-Factor Authentication | |||
|
|
|||
| Implementing two-factor authentication is a method of verifying a user's identity by using two separate authentication methods. This extra layer of security ensures that only authorized individuals can access an account, even if the password has been compromised. | |||
There was a problem hiding this comment.
Suggested change
| Implementing two-factor authentication is a method of verifying a user's identity by using two separate authentication methods. This extra layer of security ensures that only authorized individuals can access an account, even if the password has been compromised. | |
| Adding an additional authentication factor ensures that only authorized individuals can access your account, even if the password has been compromised. |
?
| In case you've forgotten your password and lost access to your two-factor authentication credentials, you can reach out to support (website@huggingface.co) to regain access to your account. You'll be required to verify your identity using a recovery authentication factor, such as an SSH key. | ||
|
|
||
| To complete your recovery request, you'll need to confirm an alternative authentication factor. Choose a recovery verification method: | ||
| - If you've previously established an SSH key on this account, provide your public SSH key |
There was a problem hiding this comment.
I would just keep the very first line of this section for now I think :)
Co-authored-by: Pierric Cistac <Pierrci@users.noreply.github.com>
pcuenca
reviewed
Feb 6, 2024
| @@ -0,0 +1,99 @@ | |||
| # Two-Factor Authentication | |||
|
|
|||
| Implementing two-factor authentication is a method of verifying a user's identity by using two separate authentication methods. This extra layer of security ensures that only authorized individuals can access an account, even if the password has been compromised. | |||
There was a problem hiding this comment.
or even ... only you can access your account, even if your password has been compromised
| To enable Two-factor Authentication with a one-time password: | ||
|
|
||
| In the Hugging Face Hub: | ||
| 1. Go to your [Authentication settings](https://hf.co/settings/authentication) |
Co-authored-by: Pedro Cuenca <pedro@huggingface.co>
This reverts commit dc2ff8d.
Pierrci
approved these changes
Feb 6, 2024
Co-authored-by: Pierric Cistac <Pierrci@users.noreply.github.com>
SBrandeis
reviewed
Feb 7, 2024
Comment on lines
+5
to
+7
| If you choose to enable two-factor authentication, at every login you will need to provide: | ||
| - Username or email & password (normal login credentials) | ||
| - One-time security code via app |
There was a problem hiding this comment.
(maybe)
Suggested change
| If you choose to enable two-factor authentication, at every login you will need to provide: | |
| - Username or email & password (normal login credentials) | |
| - One-time security code via app | |
| If you choose to enable two-factor authentication, at every login you will need to provide: | |
| - Your username & password (the usual login credentials) | |
| - A one-time security code generated with an app |
|
|
||
| To enable Two-factor Authentication with a one-time password: | ||
|
|
||
| In the Hugging Face Hub: |
There was a problem hiding this comment.
No need to precise IMO (we're already in the Hub documentation)
Suggested change
| In the Hugging Face Hub: |
Comment on lines
+23
to
+25
| 2. In the application, add a new entry in one of two ways: | ||
| - Scan the code displayed on screen Hub with your device’s camera to add the entry automatically | ||
| - Enter the details provided to add the entry manually |
There was a problem hiding this comment.
Suggested change
| 2. In the application, add a new entry in one of two ways: | |
| - Scan the code displayed on screen Hub with your device’s camera to add the entry automatically | |
| - Enter the details provided to add the entry manually | |
| 2. In the application, add a new entry in one of two ways: | |
| - Scan the QR code displayed on screen with your device’s camera | |
| - Enter the details provided to add the entry manually |
| - Scan the code displayed on screen Hub with your device’s camera to add the entry automatically | ||
| - Enter the details provided to add the entry manually | ||
|
|
||
| In Hugging Face Hub: |
There was a problem hiding this comment.
Suggested change
| In Hugging Face Hub: | |
| To finalize the setup, on the Hugging Face Hub: |
|
|
||
| In Hugging Face Hub: | ||
| 1. Enter the six-digit pin number from your authentication device into "Code" | ||
| 2. Save |
There was a problem hiding this comment.
Suggested change
| 2. Save | |
| 2. Click the save button |
| <img class="hidden dark:block" src="https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/hub/two-fa/settings-dark.png" /> | ||
| </div> | ||
|
|
||
| If you entered the correct pin, the Hub displays a list of recovery codes. Download them and keep them in a safe place. |
There was a problem hiding this comment.
Suggested change
| If you entered the correct pin, the Hub displays a list of recovery codes. Download them and keep them in a safe place. | |
| If you entered the correct pin, the Hub displays a list of recovery codes. Make sure you keep them in a safe place: they allow recovering access to your account if you ever lose access to the 2FA device. |
|
|
||
| ## Recovery codes | ||
|
|
||
| Right after you've successfully activated 2FA with a one-time password, you're requested to download a collection of generated recovery codes. If you ever lose access to your one-time password authenticator, you can use one of these recovery codes to log in to your account. |
There was a problem hiding this comment.
Suggested change
| Right after you've successfully activated 2FA with a one-time password, you're requested to download a collection of generated recovery codes. If you ever lose access to your one-time password authenticator, you can use one of these recovery codes to log in to your account. | |
| Right after you've successfully activated 2FA with a one-time password, you're requested to download a collection of generated recovery codes. If you ever lose access to your one-time password authenticator device, you can use one of these recovery codes to log in to your account. |
| 3. Click on Regenerate recovery codes | ||
|
|
||
| <Tip warning={true}> | ||
| If you regenerate 2FA recovery codes, save them. You can’t use any previously created recovery codes. |
There was a problem hiding this comment.
Suggested change
| If you regenerate 2FA recovery codes, save them. You can’t use any previously created recovery codes. | |
| Regenerating 2FA recovery codes invalidates the previous ones, meaning you will not be able to use them anymore. We recommend you save the newly generated codes somewhere safe. |
| 1. Access your [Authentication settings](https://hf.co/settings/authentication) | ||
| 2. Click on "Remove". | ||
|
|
||
| This clears all your 2FA registrations. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.