We understand how important it is to you to make sure your personal information is protected. In addition to the ever-evolving safeguards we put in place on Upwork, you can also choose to add an extra layer of security.

Two-step verification (also known as two-factor authentication) helps protect your account at login by requiring you to enter a one-time code in addition to your password.

Here’s how it works:

  1. You log in to your Upwork account
  2. You confirm it’s you in one of three ways:
    • Enter a six-digit code that is sent to your phone or email
    • Enter a six-digit code that is generated by an authenticator app
    • Use your Upwork mobile app to receive a prompt to confirm it’s you

To Use Two-Step Verification

Step 1: Enter your password

A good password is the first step to protecting your private information.

  • Set up strong passwords (using uppercase, lowercase, numbers, and symbols)
  • Use a unique password for every account
  • Don’t share or store passwords where someone else could access them (assume hackers can get at any information on your computer)
  • Change your passwords every 90 days

Step 2: Verify your account

To verify your account, you can choose from three options.

  • Have a 6-digit code sent to your phone or email
  • Generate a code with an authenticator app
  • Confirm it's you via a prompt from the Upwork mobile app

 

AUTHENTICATOR APPS

What is an authenticator app?

An authenticator app is an application you can add to your phone or tablet. It creates a 6-8 digit passcode every 30 seconds. The code can be used for logins where it’s important to confirm that the person is really you.

How do authenticator apps work?

Authenticator apps use Time-Based One-Time Passcodes (TOTP) to confirm it’s really you. This is a standardized method for generating a regularly changing code based on a shared secret (shared between Upwork and your phone; no one else). TOTP is a standard method for account verification.

What if I get a new phone after I’ve set up my authenticator app?

It’s important to understand that when you enable an authenticator app you are setting up two things.

  • Using a specific device for account verification (your phone)
  • Using a code generated by the authenticator app on your device

If you get a new phone, you’ll need to do two things to continue to use your authenticator app.

  • You’ll need to transfer the app to your new phone. Be sure to import your existing accounts into the app!
  • You’ll need to disable and re-enable your authenticator app in your Password & Security Settings to pair your new phone to your account

How do I get an authenticator app?

You can choose from many different (and mostly free) authenticator apps. Google Authenticator is a popular app that is available in both the Apple App and Google Play stores.


Set up an authenticator app for (TOTP) verification

Setting up verification with your authenticator app (TOTP) involves a few steps.

1. Install an authenticator app.

Google Authenticator is a popular app that is available in both the Apple App and Google Play stores.

2. Log in to Upwork.

Be sure to use a secure password.

Login to Upwork

3. Choose a way to protect you account.

You’ll be asked to protect your account with either authenticator or text verification. Choose Authenticator.

Upwork Authenticator

4. Upwork will create a secret key for you.

It’s a string of random numbers and letters. We will show you a QR code with the key’s information built into it.

QR code authenticator

5. Scan the QR code.

Use your authenticator app to scan the code and import your secret key.

Note:

If you don’t want to scan the code, choose provide you with a key. We will send you a key made of numbers and letters. Enter this key in your authenticator app.

secret key for authentication

6. Enter your key.

Your authenticator app will create a 6-digit key. Type the numbers into the box on Upwork.

confirm authentication code

7. Success!

Your two-factor authentication has been activated! Now, you can use your app to make sure that it’s really you whenever you log in.

Enable Authenticator verification from within Upwork

  1. Go to SettingsPassword & Security
  2. Choose Enable next to Authenticator Verification
  3. Save the secret key to the authenticator app by manually entering it or scanning the QR code
  4. Enter the six-digit code and click Next

Enable Upwork mobile app prompts

You can also choose to enable mobile app prompts to verify your account.

  1. Go to Settings › Password & Security
  2. Choose Enable next to Mobile app prompt
  3. Note: To use this feature, be sure you’ve already downloaded the Upwork mobile app and enabled notifications on your mobile device. You'll need to stay signed into the Upwork app in order to receive notifications, including mobile app prompts.
  4. Open the prompt from your mobile app when guided to do so
  5. Tap on Confirm in your mobile app

Enable text message verification

If you prefer not to use an authenticator app, you can choose to enable text message verification.

  1. Go to SettingsPassword & Security
  2. Choose Enable next to Text message
  3. Enter your country code and phone number. We’ll text you a code
  4. Enter the six-digit code and click Next

Disable verification

You can remove your two-step security verification at any time.

  1. Go to SettingsPassword & Security
  2. Choose Edit next to your chosen verification method
  3. Choose Delete
  4. Confirm to delete and disable the verification method

PRO TIP

Work with confidence. By adding two-step verification to your account, you gain an extra layer of security to protect your information. Learn more about how to protect your information here (link to T&S article of choice).

Frequently Asked Questions

What is an authenticator app?

An authenticator app is an application that is usually installed on a smartphone and generates a six to eight digit passcode every 30 seconds. The passcode can be used for login and other activity where it’s important to confirm that the person initiating the activity is really you.

How does an authenticator app work?

Authenticator apps use Time-Based One-Time Passcodes (TOTP). This is a standardized method for generating a regularly changing code based on a shared secret (shared between Upwork and your phone; no one else). Because TOTP is a standard method for authentication, you can choose from many different (and mostly free) authenticator apps for your mobile device. Google Authenticator is a popular app that is available in both the Apple App and Google Play stores.

What if I don't have access to a smartphone?

While we recommend authenticator apps as the best way to protect yourself, we know that they aren’t an option for everyone. As an alternative, you can receive a verification code via the email you have on file with us. First, however, you would have to exhaust/fail all secure sign-on options (SMS, OTP, TOTP). This would prompt our system to send a code to your email address.

My timing doesn’t seem to be working. What can I do?

Authenticator apps need the time on your phone to be in-sync with the official time in order to work. You can disconnect your phone from the internet and as long as its time is still correct, it will successfully generate the codes you need. However, manual time settings and offline devices will not always match up.

If your phone's time is out of sync, or if you have changed time zones, simply change the time settings on your phone from "Manual" to "Automatic".

On iPhone

  • Go to the Settings app
  • Select General
  • Select Date & Time
  • Enable Set Automatically

On Android*

  • Go to the Settings app
  • Select General Management
  • Select Date and Time
  • Enable Automatic date and time

*Instructions for Android may vary slightly depending on the manufacturer of the phone.

Log in to get personalized help.