Skip to main content

Two-factor authentication

Abstract

You can add two-factor authentication (2FA) on Bitrise as an extra layer of security from the Profile settings.

We provide an extra layer of security to your account if you enable two-factor authentication (2FA) on your Bitrise account.

We recommend that you check your connected accounts (GitHub, Bitbucket, GitLab) and enable 2FA if you haven’t already.

Enabling two-factor authentication

  1. Download and install Google Authenticator on your phone.

  2. Log in to Bitrise, and select Bitrise CI from the left navigation menu.

  3. In the upper right corner, click the profile image to open the dropdown menu.

  4. Select the Account settings option.

    account-settings.png
  5. Select Security on the left.

  6. Click on 2FA is enabled under Two-factor authentication.

    Account security
  7. Open your Google Authenticator and scan the QR-code that appears on your screen.

  8. Enter the 6-digit code that was generated.

  9. Once you have activated your 2FA and saved your recovery codes, you will receive a confirmation email from [email protected].

Disabling two-factor authentication

Follow this procedure to disable two-factor authentication (2FA) if you are already logged into Bitrise.

  1. Log in to Bitrise, and select Bitrise CI from the left navigation menu.

  2. In the upper right corner, click the profile image to open the dropdown menu.

  3. Select the Account settings option.

    account-settings.png
  4. Select Security on the left.

  5. Click on 2FA is enabled under Two-factor authentication.

    Account security
  6. Provide your Bitrise login password in the pop-up window.

    Account security

Have you lost your authenticator and recovery codes?

2FA protects your account from unwanted login attempts (for example, with a stolen password) by providing an extra security step during the login flow. This also means that if you lose the device with the authenticator app, and you lose your recovery codes, you won't be able to access your account and Bitrise Support will not be able to remove the activated 2FA from your account.

However, if there has been any third-party service (for example, GitLab, GitHub or Bitbucket) connected to your account before, you can try to log in through that. In the absence of a connected third-party account, we recommend you to create a new account on Bitrise.

In very special cases, Bitrise can remove 2FA from your account. Please note that Bitrise can only disable the activated 2FA on your account if there is a Git provider account already connected to Bitrise.

  1. Contact our Support Team using the email address you provided when signing up to Bitrise.

  2. Explain why you’re requesting us to remove 2FA.

    Our Support Team will ask you to create a new public repo on your git account with the title: bitrise_verification

  3. Send the link of the created repo to our Support Team.

Please note that our Support Team can deny your request if they find removing 2FA from the account might pose a security risk on your Bitrise account.