Two-factor authentication (2FA) enables you to add an extra layer of protection from getting your account compromised. You can set up two-factor authentication using any device capable of generating Time-based One-Time Password (TOTP) authentication codes (RFC-6238) to log in to your HackerOne account. You can use Google Authenticator, Duo Mobile, or any other compatible application to generate the codes.
To set up two-factor authentication for your account:
Go to your profile’s Settings > Authentication.
Click Set up.
Add your phone number and click Next.
Enter the verification code sent to your phone number. This will enable account recovery.
Click Turn on to enable two-factor authentication.
Scan the QR code in your authenticator app or enter the code manually.
Store your backup codes.
Enter the verification code from your authenticator app as well as one of the backup codes from the previous page.
Click Save.
Once your two-factor authentication is successfully enabled, you’ll be prompted to enter a 6-digit verification code from your authenticator app to log in to your HackerOne account.
You can choose to change your account recovery phone number, turn off two-factor authentication, or regenerate your backup codes.