Is it possible to avoid an app on a phone with web-based 2FA

Is there a supported 2FA provider compatible with gitlab that offers simple web access? I do not want to use a mobile device.

Yes, you can use things like Yubikey for example.

1 Like

Yes, I did see that but it is a piece of hardware. I am interested in a web interface if there is such a supported thing.

All 2FA options are explained here: Two-factor authentication | GitLab

The whole point of 2FA is to add either something you are or something you have to the password (which is something you know). Both things typically require a piece of hardware.

1 Like

Some password managers with desktop/web clients offer an option to handle time-based one time passwords (TOTP), which would seem to achieve your goal of enabling 2FA without using a mobile app or hardware token.

However, storing your password and your TOTP in the same place is risky and generally considered as going against security best practices.


Late to the thread, but I just wanted to let you know that we have been working on a solution for this problem (a web-based 2FA authenticator) and have released a commercial product for this (Daito Authenticator) which enables teams to manage and securely share 2FA tokens with others. Web-based, no phone or mobile app needed.