Two-Factor Authentication (2FA)

Two-factor authentication (2FA) is a  step toward better security. It goes beyond using only a regular password when you log in — that's single-factor authentication. We built our own secure 2FA login protection that works for every version of Basecamp.

Jump ahead to:


Enable Two-factor Authentication

Enable two-factor authentication to secure your account by heading to your avatar, then clicking the "Profile, password, 2FA" option:

Screenshot of a dropdown menu with a red arrow pointing at the Profile, password, 2FA option

On your profile page, scroll down, and then click the link that says "Set up 2FA or change your login info here"

Screenshot of a profile page with a red arrow pointing at the Set up 2FA or change your login info here link


On the next page, click  Set up 2FA  and follow the on-screen prompts. Be sure to save your recovery codes somewhere safe! You'll need those codes to access the account if you ever lose the ability to log in with your authenticator app. 

Follow the steps after you click that button, and you should be up and running with 2FA in no time.

Require Two-factor Authentication

If you are the account owner, you can enforce 2FA for your account members. The "Require two-factor authentication" option can be found in Adminland:

Screenshot of the Adminland page with a red arrow pointing at the Require 2FA option

If you haven't enabled it for your own login yet, you will need to do that as the first step:

Screenshot of the "Require two-factor authentication" page where you need to set up 2FA for your own login first

After that, you will have the options to send an email about 2FA setup to the members of your account, or enforce 2FA in your Basecamp account right away:

Screenshot of the second step in the "Require two-factor authentication" process

If you decide to send an email first, the members of your account will find this email in their Inbox and be able to set up 2FA for their login before you enforce it: 

Screenshot of an email your account members receive when 2FA will be required soon

If you need to enforce 2FA right away, the members of your account will receive a different email and be able to set up 2FA for their login the next time they log in: 

Screenshot of an email your account members receive when 2FA is required now

When everyone has 2FA set up, you will see a message about it on this page:

Screenshot of the page with the prompt that 2FA is now required for an account

NOTE: Clients are not affected by this setting. Clients who don't have 2FA enabled will still be able to access the account.

Use a Security Key for Two-factor Authentication

After you enable 2FA for your account using an authenticator app, you can also add a security key and use it as a 2FA method. A security key is a hardware device such as a small USB or Bluetooth key, a fingerprint reader or Windows Hello. They provide stronger protection against phishing attacks than 6-digit codes and are very easy to use. 

Second-factor authentication with a security key is secondary to using a 6-digit or recovery code to authenticate, so if you lose your hardware key, you can still use your authenticator app to access your account. To add your security key, after you have set up 2FA, you'll find a Security keys link in the Security section on your login options page:

After clicking that link, click the  Add a security key button  and after ensuring your hardware key is connected to your computer, click I'm ready, let's go

Finally, set a nickname for your key so you can remember it if you have more than one.

And that's it. After this, you can add more keys, list your existing keys and edit their nicknames or delete them by going to the Security keys section again.

After you've added a security key, we'll offer you this method as a second-factor when you're using a compatible browser (all modern browsers are compatible). If you don't have your security key, you can always switch to entering a 6-digit code from your authenticator app or a recovery code.

NOTE: Passkeys are currently supported as a 2FA method, and you can use one instead of a Security Key or 2FA codes. Passwordless authentication using a passkey is not supported at the moment.


Trouble with Two-factor Authentication

If you are having trouble with two-factor authentication because you lost your phone or no longer have access to your authenticator app, use one of the recovery codes you saved during setup:

If you don't have a recovery code but you're logged into a different browser session, you can get your recovery codes and update or disable your two-factor authentication settings.

  1. Click your avatar and select  My Profile
  2. Then click the link at the bottom that says Change your login info here.
  3. Click View recovery codes to obtain a single-use code or on Change 2FA settings... where you'll be able to configure another authenticator app or disable 2FA completely.

If you aren't logged in anywhere else and can't change your 2FA settings, you may need to contact us at support@basecamp.com. We'd have to prove your identity beyond any reasonable doubt. 

This may entail copies of government papers, like passports or driver's license, as well as utility bills, or other address verifications. It's a slow process that may take several days, and it'll be cumbersome. All this is by design. The point of 2FA is to protect your account in depth and against dedicated attacks. We will prioritize the security of your account over the ease of access recovery.