You can restrict the password authentication for web interface and Git over HTTP(S):
- **Web interface**: When this feature is disabled, an [external authentication provider](../../../administration/auth/README.md) must be used.
- **Git over HTTP(S)**: When this feature is disabled, a [Personal Access Token](../../profile/personal_access_tokens.md) must be used to authenticate.
## Two-factor authentication
When this feature enabled, all users will have to use the [two-factor authentication](../../profile/account/two_factor_authentication.md).
Once the two-factor authentication is configured as mandatory, the users will be allowed
to skip forced configuration of two-factor authentication for the configurable grace