Using Two-Factor Authentication

Two-factor authentication (2FA) is a security measure that adds an additional step to your login process to protect your account. It requires you to enter your login credentials along with a secondary authentication code, such as a PIN that an authenticator app generates on your phone.

2FA Compliance: If you are participating in a program that has 2FA as a compliance requirement, then you will not be able to access program details, existing submissions, or submit any new report for that program until you enable 2FA. For details, see two-factor authentication compliance.

Enabling 2FA

Bugcrowd recommends enabling 2FA because the program may have sensitive information. In some cases, it may be required by the company that runs the program.

To enable 2FA for your account:

  1. Go to your Account settings.

  2. Click the Security tab and then click Two-factor authentication on the left side.

  3. Install a 2FA app compatible with your device, such as Google Authenticator. Click iPhone or Android based on the device you have and install Google Authenticator.

  4. In Configure the app, add your Bugcrowd account to your 2FA app in any of the following ways:

    • Scan the displayed QR code using the app on your device.

    • Manually enter the displayed code in the app on your device.

    The app on your device displays a 6-digit code.

  5. In OTP code, provide the 6-digit code.

  6. Click Enable 2FA.

    2FA is enabled for your Bugcrowd account and the "Two-factor authentication is successfully enabled" message is displayed.

Logging in Using 2FA

If 2FA is enabled for your account, then each time you log in, you will be prompted to provide the authentication code (generated on your device) along with your username and password.

Disabling 2FA

  1. On the Security tab, click Two-factor authentication on the left side.

  2. Click Disable two-factor authentication.

    2FA is disabled for your Bugcrowd account and you will be redirected to the Login page. When you log in to Bugcrowd, you will not be prompted to provide the authentication code.

    A common issue with 2FA occurs when you switch to a new phone or lose your phone. For assistance, send an email to support@bugcrowd.com.

Enabling Backup Codes for 2FA Configuration

You can save 2FA backup codes in advance for situations where you might lose access to your two-factor authentication device and are not able to receive authentication codes. The backup codes allow you to log in to your account and reset your two-factor configuration.

To enable backup codes:

  1. On the Two-factor authentication page, click View backup codes.

    The Two-factor backup codes page is displayed.

  2. Click Generate new backup codes.

    A pop-up message asking for confirmation appears.

  3. Click OK.

    The "Successfully generated two-factor backup codes" message is displayed.

    Also, a list of codes that you can use to log in to your account is displayed.

    You can click Download to save the codes as a .txt file, click Print to save the codes as a PDF file, or click Copy to copy the codes to another file.

    Save these codes in a safe place, ideally in a password manager or a similar secure location.

  4. To regenerate the backup codes, click Generate new backup codes.
