debian-mirror-gitlab/doc/user/profile/user_passwords.md
2023-01-13 15:02:22 +05:30


stage: Manage
group: Authentication and Authorization
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments

User passwords (FREE)

If you use a password to sign in to GitLab, a strong password is very important. A weak or guessable password makes it easier for unauthorized people to log into your account.

Some organizations require you to meet certain requirements when choosing a password.

Improve the security of your account with two-factor authentication.

Choose your password

You can choose a password when you create a user account.

If you register your account using an external authentication and authorization provider, you do not need to choose a password. GitLab sets a random, unique, and secure password for you.

Change your password

You can change your password. GitLab enforces password requirements when you choose your new password.

  1. On the top bar, in the top-right corner, select your avatar.
  2. Select Edit profile.
  3. On the left sidebar, select Password.
  4. In the Current password text box, enter your current password.
  5. In the New password and Password confirmation text boxes, enter your new password.
  6. Select Save password.

If you don't know your current password, select the I forgot my password link. A password reset email is sent to the account's primary email address.

Password requirements

Your passwords must meet a set of requirements when:

  • You choose a password during registration.
  • You choose a new password using the forgotten password reset flow.
  • You change your password proactively.
  • You change your password after it expires.
  • An administrator creates your account.
  • An administrator updates your account.

By default GitLab enforces the following password requirements:

Self-managed installations can configure the following additional password requirements:

Block weak passwords

  • Introduced in GitLab 15.4 with a flag named block_weak_passwords, weak passwords aren't accepted. Disabled by default on self-managed.
  • Enabled on GitLab.com.

FLAG: On self-managed GitLab, by default blocking weak passwords is not available. To make it available, ask an administrator to enable the feature flag named block_weak_passwords. On GitLab.com, this feature is available but can be configured by GitLab.com administrators only.

GitLab disallows weak passwords. Your password is considered weak when it:

  • Matches one of 4500+ known, breached passwords.
  • Contains part of your name, username, or email address.
  • Contains a predictable word (for example, gitlab or devops).

Weak passwords are rejected with the error message: Password must not contain commonly used combinations of words and letters.
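The three rules above can be sketched as a standalone check. This is an added example, not GitLab's own code. The breached list, the four-character minimum for a "part" of a name, the use of only the email's local part, and the case-insensitive matching are all assumptions made for the illustration.

```ruby
require "set"

# Constructed stand-in for the list of known breached passwords.
BREACHED = Set.new(%w[password123 qwertyuiop letmein2023]).freeze
# The two predictable words the page gives as examples.
PREDICTABLE_WORDS = %w[gitlab devops].freeze
# Assumption: a "part" of a name, username or email is any run of at
# least this many characters. The page does not state a length.
MIN_PART = 4
ERROR = "Password must not contain commonly used combinations of words and letters"

# Every substring of +value+ that is exactly MIN_PART characters long.
def parts(value)
  v = value.to_s.downcase
  return [] if v.length < MIN_PART
  (0..v.length - MIN_PART).map { |i| v[i, MIN_PART] }
end

# Returns the reasons a password is weak; an empty array means it passed.
# Matching is case-insensitive (an assumption of this example).
def weak_reasons(password, name:, username:, email:)
  pw = password.downcase
  reasons = []
  reasons << :breached if BREACHED.include?(pw)
  # Assumption: only the local part of the email address is checked.
  personal = [username, email.split("@").first] + name.split
  if personal.flat_map { |p| parts(p) }.any? { |s| pw.include?(s) }
    reasons << :personal_info
  end
  reasons << :predictable_word if PREDICTABLE_WORDS.any? { |w| pw.include?(w) }
  reasons
end

# Returns nil for an acceptable password, otherwise the page's error message.
def validate(password, **user)
  weak_reasons(password, **user).empty? ? nil : ERROR
end
```
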