Two-Factor Authentication (2FA)
Two-factor authentication (2FA) is a step toward better security. It goes beyond using only a regular password when you log in — that's single-factor authentication. We built our own secure 2FA login protection that works for every version of Basecamp.
Jump ahead to:
- Enable Two-factor Authentication
- Require Two-factor Authentication
- Use a Security Key for Two-factor Authentication
- Trouble with Two-factor Authentication
Enable Two-factor Authentication
Enable two-factor authentication to secure your account by heading to your avatar, then clicking the "Profile, password, 2FA" option:
On your profile page, scroll down, and then click the link that says "Set up 2FA or change your login info here"
On the next page, click
Set up 2FA and follow the on-screen prompts. Be sure to save your recovery codes somewhere safe! You'll need those codes to access the account if you ever lose the ability to log in with your authenticator app.
Follow the steps after you click that button, and you should be up and running with 2FA in no time.
Require Two-factor Authentication
If you are the account owner, you can enforce 2FA for your account members. The "Require two-factor authentication" option can be found in Adminland:
If you haven't enabled it for your own login yet, you will need to do that as the first step:
After that, you will have the options to send an email about 2FA setup to the members of your account, or enforce 2FA in your Basecamp account right away:
If you decide to send an email first, the members of your account will find this email in their Inbox and be able to set up 2FA for their login before you enforce it:
If you need to enforce 2FA right away, the members of your account will receive a different email and be able to set up 2FA for their login the next time they log in:
When everyone has 2FA set up, you will see a message about it on this page:
NOTE: Clients are not affected by this setting. Clients who don't have 2FA enabled will still be able to access the account.
Use a Security Key for Two-factor Authentication
After you enable 2FA for your account using an authenticator app, you can also add a security key and use it as a 2FA method. A security key is a hardware device such as a small USB or Bluetooth key, a fingerprint reader or Windows Hello. They provide stronger protection against phishing attacks than 6-digit codes and are very easy to use.
Second-factor authentication with a security key is secondary to using a 6-digit or recovery code to authenticate, so if you lose your hardware key, you can still use your authenticator app to access your account. To add your security key, after you have set up 2FA, you'll find a
Security keys link in the Security section on your login options page:
After clicking that link, click the
Add a security key button and after ensuring your hardware key is connected to your computer, click
I'm ready, let's go .
Finally, set a nickname for your key so you can remember it if you have more than one.
And that's it. After this, you can add more keys, list your existing keys and edit their nicknames or delete them by going to the
Security keys section again.
After you've added a security key, we'll offer you this method as a second-factor when you're using a compatible browser (all modern browsers are compatible). If you don't have your security key, you can always switch to entering a 6-digit code from your authenticator app or a recovery code.
Trouble with Two-factor Authentication
If you are having trouble with two-factor authentication because you lost your phone or no longer have access to your authenticator app, use one of the recovery codes you saved during setup:
If you don't have a recovery code but you're logged into a different browser session, you can get your recovery codes and update or disable your two-factor authentication settings.
- Click your avatar and select
- Then click the link at the bottom that says
Change your login info here.
View recovery codesto obtain a single-use code or on
Change 2FA settings...where you'll be able to configure another authenticator app or disable 2FA completely.
If you aren't logged in anywhere else and can't change your 2FA settings, you may need to contact us at firstname.lastname@example.org. We'd have to prove your identity beyond any reasonable doubt.
This may entail copies of government papers, like passports or driver's license, as well as utility bills, or other address verifications. It's a slow process that may take several days, and it'll be cumbersome. All this is by design. The point of 2FA is to protect your account in depth and against dedicated attacks. We will prioritize the security of your account over the ease of access recovery.