It’s important to keep your personal information protected. One safeguard we provide is two-step verification, which provides an extra layer of security at login and when you access certain information in your account, such as settings or payments.

Two-step verification (also known as two-factor or multi-factor authentication) helps protect your account by requiring you to take a second step in addition to your password. This helps ensure that it’s you accessing your account and helps block unauthorized access.

Here’s how it works:

  1. You log in to your Upwork account
  2. You confirm it’s you in one of three ways:
    • Enter a six-digit code that is sent to your phone
    • Enter a six-digit code that is generated by an authenticator app
    • Use your Upwork mobile app to receive a prompt to confirm it’s you

To use two-step verification


Step 1: Enter your password

A good password is the first step to protecting your private information.

  • Set up strong passwords (using uppercase, lowercase, numbers, and symbols)
  • Use a unique password for every account
  • Don’t share or store passwords where someone else could access them (assume hackers can get at any information on your computer)
  • Change your passwords every 90 days

Step 2: Verify your account

To verify your account, you can choose from three options:

  • Confirm it's you through a prompt from the Upwork mobile app
  • Have a 6-digit code sent to your phone
  • Generate a code with an authenticator app

Enable Upwork mobile app prompts


To use this feature, be sure you’ve already downloaded the Upwork mobile app and enabled notifications on your mobile device. You'll need to stay signed into the Upwork app to receive notifications, including mobile app prompts.

You can enable mobile app prompts to verify your account with these easy steps:

  1. Go to SettingsPassword & Security
  2. Turn on the toggle switch next to Mobile app prompt
  3. Open the prompt from your mobile app when guided to do so
  4. Tap on Verify in your mobile app

Enable text message verification (SMS)


You can easily enable text message verification. This is also known as SMS, which stands for short message service. To set it up, just follow these simple steps:

  1. Go to SettingsPassword & Security
  2. Turn on the toggle switch next to Text message
  3. Enter your country code and phone number. We’ll text you a code
  4. Enter the six-digit code and choose Verify

Understand authenticator apps


An authenticator app is an application you can add to your phone or tablet. It creates a 6-8 digit passcode every 30 seconds, which is called a Time-Based One-Time Passcode (TOTP).

The passcodes are account and device specific. This is a standardized method for generating a regularly changing code based on a shared secret (in this case shared between Upwork and your phone, no one else).

  • If you also use an authenticator to log in to other accounts, your app will generate different codes for each account
  • Your passcode will only generate on the device you enable when you set up the authenticator app. If you get a new phone, you’ll need to transfer the app to your new phone and import your existing accounts into the app. Then you’ll need to disable and re-enable your authenticator app in your Password & Security Settings to pair your new phone to your account

You can choose from many different (and mostly free) authenticator apps. Google Authenticator is a popular app that is available in both the Apple App and Google Play stores.

Enable Authenticator app code verification from within Upwork


  1. Go to SettingsPassword & Security
  2. Turn the toggle switch on next to Authenticator app code
  3. Save the secret key to the authenticator app by manually entering it or scanning the QR code
  4. Enter the six-digit code and choose Verify

Disable verification


You can remove your two-step security verification at any time.

  1. Go to SettingsPassword & Security
  2. Turn off the toggle switch next to your chosen verification method
  3. Choose Delete in the popup box that appears
  4. Confirm Yes, delete and disable the verification method

PRO TIP

Work with confidence. By adding two-step verification to your account, you gain an extra layer of security to protect your information. Learn more about how to protect your information.

Frequently Asked Questions

What if I don't have access to a smartphone?

If you have another mobile device, such as a tablet, you can use the mobile app prompt on that device. As a last-resort alternative, you can receive a verification code via the email you have on file with us. First, however, you would have to exhaust/fail all secure sign-on options (mobile app prompt, SMS, TOTP). This would prompt our system to send a code to your email address.

I can’t access my two-step verification method. What should I do?

If you enable several two-step verification options, when challenged you will be able to choose any of them. Additionally, you can use your security question answer as a backup option. If you exhaust and fail all secure sign-on options (Mobile prompt, SMS, TOTP) and the security question answer, our system sends a code to your email address if you didn't disable this feature manually. If you still can't proceed, you'll need to contact Upwork Support.

What is an authenticator app?

An authenticator app is an application that is usually installed on a smartphone and generates a six to eight digit passcode every 30 seconds. The passcode can be used for login and other activity where it’s important to confirm that the person initiating the activity is really you.

How does an authenticator app work?

Authenticator apps use Time-Based One-Time Passcodes (TOTP). This is a standardized method for generating a regularly changing code based on a shared secret (shared between Upwork and your phone; no one else). Because TOTP is a standard method for authentication, you can choose from many different (and mostly free) authenticator apps for your mobile device. Google Authenticator is a popular app that is available in both the Apple App and Google Play stores.

What if I get a new phone after I’ve set up my authenticator app?

It’s important to understand that when you enable an authenticator app you are setting up two things:

  • Using a specific device for account verification (your phone)
  • Using a code generated by the authenticator app on your device

If you get a new phone, you’ll need to do two things to continue to use your authenticator app.

  • You’ll need to transfer the app to your new phone. Be sure to import your existing accounts into the app!
  • You’ll need to disable and re-enable your authenticator app in your Password & Security Settings to pair your new phone to your account
How do I get an authenticator app?

You can choose from many different (and mostly free) authenticator apps. Google Authenticator is a popular app that is available in both the Apple App and Google Play stores.

My timing doesn’t seem to be working. What can I do?

Authenticator apps need the time on your phone to be in-sync with the official time to work. You can disconnect your phone from the internet and as long as its time is still correct, it will successfully generate the codes you need. However, manual time settings and offline devices will not always match up.

If your phone's time is out of sync, or if you have changed time zones, simply change the time settings on your phone from "Manual" to "Automatic".

On iPhone

  • Go to the Settings app
  • Select General
  • Select Date & Time
  • Enable Set Automatically

On Android*

  • Go to the Settings app
  • Select General Management
  • Select Date and Time
  • Enable Automatic date and time

*Instructions for Android may vary slightly depending on the manufacturer of the phone.

Do I need to enable two-step verification if I log in via face or fingerprint recognition?

Yes. Currently, face or fingerprint recognition works only for authentication. Using these options you can log in, but you cannot pass a two-step verification challenge. We still encourage you to enable a two-step verification option to keep your account secure.

otp

Was this article helpful?

981 out of 1889 found this helpful
{"global":{"message":"We are currently looking into some reports about difficulties in receiving the code on mobile devices for fund withdrawals in the Philippines. Resolving this matter is our top priority and we will keep you updated as soon as possible.","icon":"info","start":"","end":""},"responsive":[{"message":"","country":"","usertype":"all","icon":"info","start":"","end":""},{"message":"","country":"All","usertype":"all","icon":"info","start":"","end":""}]}