Two Factor Authentication

Users can choose to add two-factor authentication to their Open Collective accounts. This helps to keep your account safe.

Why Two-Factor Authentication?

Two-factor authentication provides an additional level of security for your account. If your password or email address is compromised, your account will still be protected so long as your two-factor authentication is secure.

Enabling Two-Factor Authentication

Navigate to your Dashboard > Settings > Security.

To enable 2FA, you will require a secondary authenticator service or product, such as an authenticator app, a YubiKey, or a fingerprint sensor.

How to use an Authenticator App

We recommend using Google Authenticator or 1Password.

Scan the QR code displayed on the screen with your authenticator app, and your app should offer you a time-limited six-digit code.

Type this code into the box provided to complete the process. You will now be asked for a six-figure code from the app each time you log in to your Open Collective account.

Recovery Codes

When you set up the 2FA process on Open Collective, you will be given some recovery codes. These codes are an emergency option to help you access your account if you are unable to use your authenticator app.

If you get locked out of your account due to 2FA, please contact our support team. In some cases, we may need to ask you for substantial proof that the account is indeed yours.

Enforce 2FA for all admins

You can require all your admins to enable 2FA on their profiles to perform tasks.

Opt in to enforce 2FA for all your admins. Any attempt to trigger admin operations or visit the admin pages will be blocked until admins enable 2FA on their profiles. Projects and events inherit the 2FA settings.

To enable 2FA for all admins, navigate to your Collective, Organization, or Fiscal Host Dashboard > Settings > Security and turn on two-factor authentication. Make sure to press save.

When visiting admin pages, your admins will be prompted to activate their 2FA.