Two-factor authentication (2FA) is a security measure that adds an additional step to your login process to protect your account. It requires you to enter your login credentials along with a secondary authentication code, such as a code from an authenticator app on your phone.
Two-Factor Authentication (2FA) is mandatory for all Bugcrowd Researcher accounts.
Logging in Using 2FA
Each time you log in, you will be prompted to authenticate with one of your enrolled 2FA methods along with your username and password.
Changing Your 2FA Methods
To change your 2FA methods, go to the Security methods page in the authentication service (click your profile picture and then click Account settings > Security > Settings > Manage authentication settings) and update your configured authentication methods.
Bugcrowd supports:
- Okta Verify - Use the Okta Verify app on your device.
- Security Key or Biometric Authenticator - Use a hardware security key or biometric authentication.
- Google Authenticator - Use Google Authenticator or a compatible TOTP app.

You can enrol multiple 2FA methods, and we recommend doing this so that if you lose access to one of your devices you do not lose access to your account.
Note: If you configured 2FA on your account prior to 2026, you will see an additional 2FA method called “Bugcrowd Legacy OTP”. This method supports 2FA codes for devices set up before 2026, but does not support new enrolments. If you need this method removed from your account, contact Bugcrowd Support.
If you have lost access to all your enrolled 2FA methods, contact Bugcrowd Support to request a 2FA reset.