diff --git a/_data/toc.yaml b/_data/toc.yaml index 8b9c95228a..c4b852a70a 100644 --- a/_data/toc.yaml +++ b/_data/toc.yaml @@ -3997,16 +3997,26 @@ manuals: section: - path: /docker-hub/ title: Quickstart - - sectiontitle: Security and Authentication + - sectiontitle: Security and authentication section: - path: /docker-hub/access-tokens/ - title: Managing Access Tokens + title: Managing access tokens + - sectiontitle: Two-factor authentication + section: + - path: /docker-hub/2fa/ + title: Enable two-factor authentication + - path: /docker-hub/2fa/disable-2fa/ + title: Disable two-factor authentication + - path: /docker-hub/2fa/recover-hub-account/ + title: Recover your Docker Hub account + - path: /docker-hub/2fa/new-recovery-code/ + title: Generate a new recovery code - path: /docker-hub/release-notes/ title: Release notes - path: /docker-hub/repos/ title: Repositories - path: /docker-hub/official_images/ - title: Official Images + title: Official images - path: /docker-hub/orgs/ title: Teams & Organizations - path: /docker-hub/convert-account/ @@ -4014,10 +4024,10 @@ manuals: - path: /docker-hub/webhooks/ title: Webhooks - path: /docker-hub/slack_integration/ - title: Slack Integration + title: Slack integration - path: /docker-hub/upgrade/ title: Upgrade your plan - - sectiontitle: Automated Builds + - sectiontitle: Automated builds section: - path: /docker-hub/builds/ title: Set up Automated builds @@ -4029,7 +4039,7 @@ manuals: title: Link to GitHub and BitBucket - path: /docker-hub/builds/classic/ title: Classic Automated Builds - - sectiontitle: Publisher & Certified Content + - sectiontitle: Publisher & certified content section: - path: /docker-hub/publish/ title: Overview @@ -4040,11 +4050,11 @@ manuals: - path: /docker-hub/publish/publisher_faq/ title: Publisher FAQs - path: /docker-hub/publish/certify-images/ - title: Certify Images & Plugins + title: Certify images & plugins - path: /docker-hub/publish/certify-plugins-logging/ - title: Certify Logging Plugins + title: Certify logging plugins - path: /docker-hub/publish/trustchain/ - title: Trust Chain + title: Trust chain - path: /docker-hub/publish/byol/ title: Bring Your Own License (BYOL) - path: /docker-hub/deactivate-account/ diff --git a/docker-hub/2fa/disable-2fa.md b/docker-hub/2fa/disable-2fa.md new file mode 100644 index 0000000000..33b3c92277 --- /dev/null +++ b/docker-hub/2fa/disable-2fa.md @@ -0,0 +1,28 @@ +--- +description: Disable two-factor authentication on Docker Hub +keywords: Docker, docker, registry, security, Docker Hub, authentication, two-factor authentication +title: Disable two-factor authentication on Docker Hub +--- + +> **Note:** +> Disabling two-factor authentication will result in decreased security for your +> Docker Hub account. +{: .warning } + + +## Prerequisites +Two-factor authentication is enabled on your Docker Hub account. + +## Disable two-factor authentication +To disable two-factor authentication, log in to your Docker Hub account. Click +on your username and select **Account Settings**. Go to Security and click on +**Disable 2FA**. + +![Disable 2fa button](../images/2fa-disable-2fa.png) + +You will be prompted to input your Docker ID password. Enter your password and +click **Disable 2FA**. + +![Enter your password](../images/2fa-enter-pw-disable-2fa.png){:width="250px"} + +You have successfully disabled two-factor authentication. diff --git a/docker-hub/2fa/index.md b/docker-hub/2fa/index.md new file mode 100644 index 0000000000..7ca9052a75 --- /dev/null +++ b/docker-hub/2fa/index.md @@ -0,0 +1,68 @@ +--- +description: Enabling two-factor authentication on Docker Hub +keywords: Docker, docker, registry, security, Docker Hub, authentication, two-factor authentication +title: Enable two-factor authentication for Docker Hub +--- + +## About two-factor authentication +Two-factor authentication adds an extra layer of security to your Docker Hub +account by requiring a unique security code when you log into your account. The +security code will be required in addition to your password. + +When you enable two-factor authentication, you will also be provided a recovery +code. Each recovery code is unique and specific to your account. You can use +this code to recover your account in case you lose access to your authenticator +app. See [Recover your Docker Hub account](recover-hub-account/). + + +## Prerequisites +You need a mobile phone with a time-based one-time password authenticator +application installed. Common examples include Google Authenticator or Yubico +Authenticator with a registered YubiKey. + +> **Note:** +> Two-factor authentication is currently in beta. Feel free to provide feedback +> at the [Docker Hub feedback repo](https://github.com/docker/hub-feedback/issues). +{: .important} + +## Enable two-factor authentication +To enable two-factor authentication, log in to your Docker Hub account. Click +on your username and select **Account Settings**. Go to Security and click +**Enable Two-Factor Authentication**. + +![Two-factor home](../images/2fa-security-home.png) + +The next page will remind you to download an authenticator app. Click **Set up** +**using an app**. You will receive your unique recovery code. + +> **Save your recovery code and store it somewhere safe.** +> +> Your recovery code can be used to recover your account in the event you lose +> access to your authenticator app. +{: .important } + +![Recovery code example](../images/2fa-recovery-code.png) + +After you have saved your code, click **Next**. + +Open your authenticator app. You can choose between scanning the QR code or +entering a text code into your authenticator app. + +![QR code example](../images/2fa-qr-code.png) + +![Text code example](../images/2fa-text-code.png) + +Once you have linked your authenticator app, it will give you a six-digit code +to enter in text field. Click **Next**. + +![Enter special code](../images/2fa-enter-code.png) + +You have successfully enabled two-factor authentication. The next time you log +in to your Docker Hub account, you will be asked for a security code. + +> **Note:** +> Now that you have two-factor authentication enabled on your account, you must +> create at least one personal access token. Otherwise, you will be unable to +> log in to your account from the Docker CLI. See [Managing access tokens](../access-tokens) +> for more information. +{: .important } diff --git a/docker-hub/2fa/new-recovery-code.md b/docker-hub/2fa/new-recovery-code.md new file mode 100644 index 0000000000..3324f9a63a --- /dev/null +++ b/docker-hub/2fa/new-recovery-code.md @@ -0,0 +1,26 @@ +--- +description: Generate a new 2fa recovery code +keywords: Docker, docker, registry, security, Docker Hub, authentication, two-factor authentication +title: Generate a new recovery code +--- + +If you have lost your two-factor authentication recovery code and still have +access to your Docker Hub account, you can generate a new recovery code. + +## Prerequisites +Two-factor authentication is enabled on your Docker Hub account. + +## Generate a new recovery code + +To disable two-factor authentication, log in to your Docker Hub account. Click +on your username and select **Account Settings**. Go to **Security** and click +on **Click here to generate a new code**. + +![New recovery code link](../images/2fa-disable-2fa.png) + +Enter your password. + +![Enter your password](../images/2fa-pw-new-code.png){:width="250px"} + +Your new recovery code will be displayed. Remember to save your recovery code +and store it somewhere safe. diff --git a/docker-hub/2fa/recover-hub-account.md b/docker-hub/2fa/recover-hub-account.md new file mode 100644 index 0000000000..404f5f4ce4 --- /dev/null +++ b/docker-hub/2fa/recover-hub-account.md @@ -0,0 +1,42 @@ +--- +description: Recover your Docker Hub account +keywords: Docker, docker, registry, security, Docker Hub, authentication, two-factor authentication +title: Recover your Docker Hub account +--- + +If you have lost your two-factor authentication device and need to access your +Docker Hub account, you can gain access to your account using your two-factor +authentication recovery code. + +## Prerequisites +Two-factor authentication is enabled on your Docker Hub account and you have +your two-factor authentication recovery code. + +> If you lose both your 2FA authentication device and recovery code, you may +> not be able to recover your account. +{: .important } + +## Recover your Docker Hub account with a recovery code + +Go through the login process on Docker Hub. When you're asked to enter your +two-factor authentication code, click "I've lost my authentication device". + +![Lost authentication device](../images/2fa-enter-2fa-code.png){:width="250px"} + +On the next screen, click "I have my recovery code". + +![You have your code](../images/2fa-have-recovery-code.png){:width="250px"} + +Enter your recovery code. + +![Enter recovery code](../images/2fa-enter-recover-code.png){:width="250px"} + +Once you have used your recovery code, you will have to re-enable two-factor +authentication. See [Enabling two-factor authentication on Docker Hub](/docker-hub/2fa). + +## Alternative recovery methods + +If you have lost access to both your two-factor authentication application and +your recovery code, send an email to [support@docker.com](mailto:support@docker.com) +from the primary email associated with your Docker Hub ID for recovery +instructions. diff --git a/docker-hub/images/2fa-disable-2fa.png b/docker-hub/images/2fa-disable-2fa.png new file mode 100644 index 0000000000..bedff83088 Binary files /dev/null and b/docker-hub/images/2fa-disable-2fa.png differ diff --git a/docker-hub/images/2fa-enter-2fa-code.png b/docker-hub/images/2fa-enter-2fa-code.png new file mode 100644 index 0000000000..0a55e3bfde Binary files /dev/null and b/docker-hub/images/2fa-enter-2fa-code.png differ diff --git a/docker-hub/images/2fa-enter-code.png b/docker-hub/images/2fa-enter-code.png new file mode 100644 index 0000000000..195e15e1ef Binary files /dev/null and b/docker-hub/images/2fa-enter-code.png differ diff --git a/docker-hub/images/2fa-enter-pw-disable-2fa.png b/docker-hub/images/2fa-enter-pw-disable-2fa.png new file mode 100644 index 0000000000..3ede0390c6 Binary files /dev/null and b/docker-hub/images/2fa-enter-pw-disable-2fa.png differ diff --git a/docker-hub/images/2fa-enter-recover-code.png b/docker-hub/images/2fa-enter-recover-code.png new file mode 100644 index 0000000000..41affb2866 Binary files /dev/null and b/docker-hub/images/2fa-enter-recover-code.png differ diff --git a/docker-hub/images/2fa-have-recovery-code.png b/docker-hub/images/2fa-have-recovery-code.png new file mode 100644 index 0000000000..0f3410f2c9 Binary files /dev/null and b/docker-hub/images/2fa-have-recovery-code.png differ diff --git a/docker-hub/images/2fa-pw-new-code.png b/docker-hub/images/2fa-pw-new-code.png new file mode 100644 index 0000000000..17513451dd Binary files /dev/null and b/docker-hub/images/2fa-pw-new-code.png differ diff --git a/docker-hub/images/2fa-qr-code.png b/docker-hub/images/2fa-qr-code.png new file mode 100644 index 0000000000..41df48b76a Binary files /dev/null and b/docker-hub/images/2fa-qr-code.png differ diff --git a/docker-hub/images/2fa-recovery-code.png b/docker-hub/images/2fa-recovery-code.png new file mode 100644 index 0000000000..7524092fdd Binary files /dev/null and b/docker-hub/images/2fa-recovery-code.png differ diff --git a/docker-hub/images/2fa-security-home.png b/docker-hub/images/2fa-security-home.png new file mode 100644 index 0000000000..1fc2ca2f86 Binary files /dev/null and b/docker-hub/images/2fa-security-home.png differ diff --git a/docker-hub/images/2fa-text-code.png b/docker-hub/images/2fa-text-code.png new file mode 100644 index 0000000000..2efc74a107 Binary files /dev/null and b/docker-hub/images/2fa-text-code.png differ