Is it possible to avoid an app on a phone with web-based 2FA

Is there a supported 2FA provider compatible with gitlab that offers simple web access? I do not want to use a mobile device.

Yes, you can use things like Yubikey for example.

1 Like

Yes, I did see that but it is a piece of hardware. I am interested in a web interface if there is such a supported thing.

All 2FA options are explained here: Two-factor authentication | GitLab

The whole point of 2FA is to add either something you are or something you have to the password (which is something you know). Both things typically require a piece of hardware.

1 Like

Some password managers with desktop/web clients offer an option to handle time-based one time passwords (TOTP), which would seem to achieve your goal of enabling 2FA without using a mobile app or hardware token.

However, storing your password and your TOTP in the same place is risky and generally considered as going against security best practices.

2 Likes

Late to the thread, but I just wanted to let you know that we have been working on a solution for this problem (a web-based 2FA authenticator) and have released a commercial product for this (Daito Authenticator) which enables teams to manage and securely share 2FA tokens with others. Web-based, no phone or mobile app needed.