Using Two-Factor Authentication

Two-factor authentication (2FA) is a security measure that adds an additional step for your login process to protect your account. It requires you to enter your login credentials along with a secondary authentication code such as a pin that an authenticator sends to your phone.

New enhancements have been implemented for 2FA to improve your experience and help reduce account lockouts. The new enhancements apply to all 2FA users and are the following:

  • You can now check how many backup keys you have.
  • You will get a warning on the top-level 2FA settings page if you have low remaining codes.
  • The 2FA backup form has improved autocomplete integration with password managers like 1Password.

2FA Compliance: If you are participating in a program that has 2FA as a compliance requirement, then you will not be able to access program details, existing submissions, or submit any new report for that program until you enable 2FA. For details, see two-factor authentication compliance.

Enabling 2FA

Bugcrowd recommends enabling 2FA because the program may have sensitive information. In some cases, it may be required by the company that runs the program.

To enable 2FA for your account:

  1. Go to your Account settings.


  2. Click the Security tab and then click Two-factor authentication on the left side.


  3. Install a 2FA app compatible for your device such as Google Authenticator. Click iPhone or Android based on the device you have and install Google Authenticator.


  4. In Configure the app, add your Bugcrowd account to your 2FA app in any of the following ways:

    • Scan the displayed QR code using the app on your device.


    • Manually enter the displayed code in the app on your device.


    The app on your device displays a 6-digit code.

  5. In OTP code, provide the 6-digit code.


  6. Click Enable 2FA.


    The 2FA is enabled for your Bugcrowd account and the Two-factor authentication is successfully enabled message is displayed.


You will get notifications that will help reduce account lockouts and make managing 2FA a lot easier.

You will get the following notification in different scenarios:

  • If no 2FA codes are configured.


  • If the number of backup codes you have are low.


  • Notifying the number of backup codes that you have.


Logging in Using 2FA

If 2FA is enabled for your account, then each time you log in, you will be prompted to provide the authentication code (generated on your device) along with your username and password.


Disabling 2FA

  1. On the Security tab, click Two-factor authentication on the left side .


  2. Click Disable two-factor authentication.

    disable-2fa 2FA is disabled for your Bugcrowd account and you will be redirected to the Login page. When you log in to Bugcrowd, you will not be prompted to provide the authentication code.

    A common issue with 2FA is if it is a new phone or phone is lost. For assistance, submit a support ticket through the Bugcrowd Support Portal.

Enabling Backup Codes for 2FA Configuration

You can save 2FA backup codes in advance for situations where you might lose access to your two factor authentication device and are not able to receive authentication codes. The backup codes will allow you to log in to your account and reset your two factor configuration.

To enable backup codes:

  1. On the Two-factor authentication page, click Manage backup codes.


    The Two-factor backup codes page is displayed.

  2. Click Generate new backup codes.


    A pop-up message asking for confirmation appears.

  3. Click OK.


    The Successfully generated two-factor backup codes message is displayed.


    Also, a list of codes that you can use to login to your account is displayed.

    You can click Download to save the codes as a .txt file, click Print to save the codes as a PDF file, or click Copy to copy the codes to another file.

    Save these codes in a safe place, ideally in a password manager or a similar secure location.


  4. To regenerate the backup codes, click Generate new backup codes.