Two-Factor Authentication

Two-factor authentication (2FA) setup instructions


Two-factor authentication (2FA) adds an extra layer of protection against account compromise. You can set up two-factor authentication using any device capable of generating Time-based One-Time Password (TOTP) authentication codes (RFC 6238) to log in to your HackerOne account. You can use Google Authenticator, Duo Mobile, or any other compatible application to generate the codes.

To set up two-factor authentication for your account:

  1. Go to your profile’s Settings > Authentication.

  2. Click Set up.

  3. Add your phone number and click Next.

  4. Enter the verification code sent to your phone number. This will enable account recovery.

  5. Click Turn on to enable two-factor authentication.

  6. Scan the QR code in your authenticator app or enter the code manually.

  7. Store your backup codes.

  8. Enter the verification code from your authenticator app as well as one of the backup codes from the previous page.

  9. Click Save.

Once your two-factor authentication is successfully enabled, you’ll be prompted to enter a 6-digit verification code from your authenticator app to log in to your HackerOne account.


You can choose to change your account recovery phone number, turn off two-factor authentication, or regenerate your backup codes.
