Two-factor authentication enables you to add an extra layer of protection from getting your account compromised. You can set up two-factor authentication using any device capable of generating Time-based One-Time Password (TOTP) authentication codes (RFC-6238) to log in to your HackerOne account. You can use Google Authenticator or Duo Mobile or any other compatible application to generate the codes.
To set up two-factor authentication for your account:
- Go your profile’s Settings > Authentication.
- Click Set up.
- Add your phone number and click Next.
- Enter the verification code sent to your phone number. This will enable account recovery.
- Click Turn on to enable two-factor authentication.
- Scan the QR code in your authenticator app or enter the code manually.
- Store your backup codes.
- Enter the verification code from your authenticator app as well as one of the backup codes from the previous page.
- Click Save.
Once your two-factor authentication is successfully enabled, you’ll be prompted to enter a 6-digit verification code from your authenticator app to log in to your HackerOne account.
You can choose to change your account recovery phone number, turn off two-factor authentication or regenerate your backup codes.