Immunefi has previously only supported email-and-password authentication to the platform. Relying on email and password alone exposes users to security risks if that email and password combination is compromised.
To help protect your account from unauthorized access, the Immunefi platform now supports a second authentication factor using time-based one-time passwords (TOTP) from an authenticator app (such as Google Authenticator, Microsoft Authenticator or Authy). Two-factor authentication is not enabled by default. To enable 2FA for your account, follow these steps:
Step 1: Go to your Immunefi user settings and, on the Two-factor authentication row, click “Enable”.
Step 2: Open (or download) your authenticator application and scan the QR code
On the next screen, open your authenticator application (e.g. Google Authenticator) and scan the QR code displayed. Alternatively, if you cannot scan the QR code, enter the provided code manually into your authenticator application.
Once the QR code is captured, your authenticator application will display a 6-digit code. Enter this code into the window and click “Next”.
Step 3: Save your recovery codes
On the next screen, take a moment to view and save your backup codes. You will need these codes if you ever lose your authenticator application.
Important: If you lose both your authenticator and your backup codes, your account will be irrecoverable! Immunefi will not be able to assist with regaining access to your account.
Step 4: 2FA Enabled
Once you click “Enable 2FA”, you’ve completed enabling two-factor authentication on your Immunefi account. You’ll need to use codes from your authenticator application when you log in.
Disabling 2FA on your Immunefi account
You may want to temporarily disable two-factor authentication on your Immunefi account. You may need to do this if you want to switch to a new authenticator application.
Step 1: Go to your user settings and click on “Disable 2FA”.
Step 2: Under your user settings, navigate to the Two-Factor Authentication row and click on “Disable 2FA”.
You will be prompted to re-enter an authentication code. Once successful, 2FA will be disabled.
Requiring 2FA for access to your bug bounty program
You can require two-factor authentication for project users to access your bug bounty program. Doing so adds an extra layer of security and helps to ensure that only the people you trust have access to your program and related bug reports.
Only the project admin can enable/disable the program 2FA requirement.
If you are the project admin and you do not have 2FA activated on your account, you will need to do so before you can require 2FA for the program.
If you are the project admin and you do have 2FA activated on your account, you can enable/disable the program 2FA requirement in the project settings. There you will see a ‘Project 2FA’ option and you can choose to either enable or disable the requirement.
Once this feature is enabled, all project users and admins will need to activate 2FA on their accounts before they are able to view any reports in the program.
How to recover your account when 2FA is enabled
If you get locked out of your account and you have two-factor authentication enabled, complete the following steps to recover the account.
- Check your inbox for an email with the subject line “Your Immunefi account has been temporarily locked” and click the “Change Password” button.
- Enter and confirm your new password.
- Log in using the new password that you just created.
- After logging in, you will be asked to use your authenticator app to verify your identity. You may also enter a backup code if you’ve lost your authentication device.
- Once you complete these steps, you will receive a notification informing you that you have unlocked your account.