An update to our Researcher 2FA? No way!

Researchers can now generate backup codes for Two-Factor Authentication (2FA) on their Bugcrowd Accounts. Gone are the days researchers have to reach out to the support team for a reset! 

2FA adds an extra layer of security to your Bugcrowd Researcher account. It requires that you provide two means of identification before being granted access to your account. You can enable or disable your 2FA by going into your Account Settings and clicking on the “Security” tab in your Researcher profile. 

New to Two-Factor Authentication?

For more information on how to Enable & Disable 2FA from your security settings, or How-To Log in using 2FA, check out our Researcher Documentation on Using Two-factor Authentication.

As a means to further secure our customer findings, some of our Programs require 2FA to be enabled on your account in order to participate in their program. If you receive an invitation where this is listed as a requirement, you will need to enable 2FA to access the brief and submit to the program. For details, see two-factor authentication compliance documentation.

Lose your device? No worries! 

When you enable 2FA on your profile, the platform now generates several backup codes to help you reset your account without assistance from the Bugcrowd team! These codes are only generated once, so make sure you keep them in a safe place! If you lose or are unable to access your authentication device, you’ll enter the saved backup codes to disable 2FA from your account.

Once 2FA is disabled on your Researcher account, you will be redirected to the Login page and will no longer be prompted to provide an authentication code while signing in.

As always, if you have any questions, please feel free to reach out to Happy Hunting!