Enable Two-factor Authentication
Two-factor authentication (2FA for short) adds an extra layer of security to your account. This type of multi-factor authentication requires that you enter your username and password, then enter another piece of information that should only be accessible to you.
YouTrack supports two types of two-factor authentication:
App-based Authentication lets you pair your account with an external app. In this case, you need to enter a code that is generated by a third-party authentication app to log in to YouTrack.
Token-based Authentication lets you pair your account with a hardware token. In this case, you need to interact with a hardware device that is in your possession to log in to YouTrack.
You are limited to one type of two-factor authentication. This means that you can't use token-based authentication together with app-based authentication.
note
Required Two-factor AuthenticationAn administrator can require 2FA for every member of a specific group. When this option is enabled for a group of which you are a member, you are prompted to enable this feature when you log in to YouTrack.
If you choose not to enable 2FA when prompted, the permissions for your account are stripped down to the most basic level of access. You are not able to work with YouTrack with the permissions that are available to your account until you set up 2FA.
To learn how to require 2FA for one or more groups in Hub, see Require Two-factor Authentication.
YouTrack supports two-factor authentication for a range of authentication apps and hardware tokens. To switch from one type of 2FA to another, you first need to delete the integration with the app or hardware token that you currently use for authentication. You can then pair your Hub account with a new app or device.
note
External Hub AccountsThese instructions are only relevant for YouTrack Server installations that use a built-in Hub service. When YouTrack is connected to an external Hub, these settings are managed in your Hub account. To access your Hub account from YouTrack, click the Update personal information and manage logins link in your YouTrack profile.
To learn how to manage two-factor authentication in Hub, please refer to the Hub documentation.
tip
Requires permissions: Update Self
Click your avatar in the header, then select the Profile link.
Switch to the Account Security tab.
Locate the Two-factor authentication setting.
Click the Delete authentication app integration or Unregister device link.
The authentication app or hardware token that was previously paired with your account is no longer recognized as a valid second factor for authentication.
Two-factor authentication is disabled for your account.
If you aren't required to use two-factor authentication, you are able to log in to YouTrack with a username and password. You can choose to pair your account with a new authentication app or hardware token or continue to log in with a username and password.
If you belong to a group for which two-factor authentication is required, you are immediately prompted to set up the feature. Access to YouTrack is severely restricted until you re-enable 2FA. To restore access, use the Two-factor authentication controls in your profile to pair your account with a new authentication app or hardware token.
As long as you don't belong to a group for which two-factor authentication is required, you can also disable 2FA for your account. You might choose to disable 2FA when you know in advance that you won't have access to the app or hardware device for a limited time frame.
For example, you use an app on your mobile phone as a second factor and disable the feature while your phone is out for repair. Once you pick up your phone from the shop, you can re-enable the feature without having to pair your account with the app a second time.
The same principle applies when you purchase a new device.
Log in to your account using an authentication code that is generated on your old mobile phone.
Disable 2FA for your account as described here.
Re-enable the feature by pairing your account with the authentication app on your new mobile phone.
note
External Hub AccountsThese instructions are only relevant for YouTrack Server installations that use a built-in Hub service. When YouTrack is connected to an external Hub, these settings are managed in your Hub account. To access your Hub account from YouTrack, click the Update personal information and manage logins link in your YouTrack profile.
To learn how to disable two-factor authentication in Hub, please refer to the Hub documentation.
tip
Requires permissions: Update Self
Click your avatar in the header, then select the Profile link.
Switch to the Account Security tab.
Locate the Two-factor authentication setting.
Click the Disable link.
Two-factor authentication is disabled for your account.
If you aren't required to use two-factor authentication, you are able to log in to YouTrack with a username and password. Otherwise, you are immediately prompted to set up the feature. Access to YouTrack and connected services is severely restricted until you re-enable 2FA.
The Disable link switches to an Enable link. When you're ready to re-enable the feature and secure your account, open your account and click this link.
Thanks for your feedback!