Two-step verification (also known as two-factor authentication) adds an extra layer of security that helps protect your account at login, no matter where you're working or what device you'd like to use.

The first step is entering your password. For the second step, you have three options.

  • Enter a six-digit code sent to your phone or email
  • Generate a code using an authenticator app
  • Use your Upwork mobile app to receive a prompt to confirm it’s you

Step 1: Enter your password

A good password is the first step to protecting your private information.

  • Set up strong passwords (uppercase, lowercase, numbers, symbols)
  • Use unique passwords – don’t use the same password for multiple accounts
  • Don’t share or store passwords where someone else could access them (assume hackers can get at any information on your computer)
  • Change your passwords every 90 days

Step 2: Verify your account

To verify your account, you can choose from three options.

  • Have a 6-digit code sent to your phone or email
  • Generate a code with an authenticator app
  • Confirm it's you via a prompt from the Upwork mobile app

 

AUTHENTICATOR APPS

What is an authenticator app?
An authenticator app is an application you can add to your phone or tablet. It creates a 6-8 digit passcode every 30 seconds. The code can be used for logins where it’s important to confirm that the person is “really you”.

 

How do authenticator apps work?
Authenticator apps use Time-Based One-Time Passcodes (TOTP) to “confirm it’s really you”. This is a standardized method for generating a regularly changing code based on a shared secret (shared between Upwork and your phone; no one else!). TOTP is a standard method for account verification.

What if I get a new phone after I’ve set up my authenticator app?

It’s important to understand that when you enable an authenticator app you are setting up two things. 

  • Using a specific device for account verification (your phone)
  • Using a code generated by the authenticator app on your device

If  you get a new phone, you’ll need to do two things to continue to use your authenticator app.

  • You’ll need to transfer the app to your new phone. Be sure to import your existing accounts into the app!
  • You’ll need to disable, then re-enable your authenticator app in your Password & security Settings to pair your new phone to your account

How do I get an authenticator app?
You can choose from many different (and mostly free) authenticator apps. Google Authenticator is a popular app that is available in both the Apple App and Google Play stores.

 

Set up an authenticator app for (TOTP) verification

Setting up verification with your authenticator app (TOTP) involves a few steps.

 

1. Install an authenticator app.

Google Authenticator is a popular app that is available in both the Apple App and Google Play stores. 

2. Log in to Upwork.

Be sure to use a secure password. 

3. Choose a way to protect your account.

You’ll be asked to protect your account with either authenticator or text verification. Choose Authenticator

4. Upwork will create a secret key for you.

It’s a string of random numbers and letters. We will show you a QR code with the key’s information built into it. 

5. Scan the QR code.

Use your authenticator app to scan the code and import your secret key.

Note: If you don’t want to scan the code, choose provide you with a key. We will send you a key made of numbers and letters. Add this key to your authenticator app. 

6. Enter your key.

Your authenticator app will create a 6-digit key. Type the numbers into the box on Upwork. 

7. Success!

Your two-factor authentication has been activated! Now, you can use your app to make sure that “it’s really you” whenever you log in.

 

You can also enable authenticator verification from within Upwork.

  1. Go to Settings Password & Security
  2. Choose Enable next to Authenticator Verification
  3. Save the secret key to the authenticator app by manually entering it or scanning the QR code 
  4. Enter the six-digit code and click Next 

Enable Upwork mobile app prompts

You can also choose to enable mobile app prompts to verify your account.

  1. Go to SettingsPassword & Security
  2. Choose Enable next to Mobile app prompt

    Note: To use this feature, be sure you’ve already downloaded the Upwork mobile app and enabled notifications on your mobile device. You'll need to stay signed into the Upwork app in order to receive notifications, including mobile app prompts.

  3. Open the prompt from your mobile app when guided to do so
  4. Tap on Confirm in your mobile app

Enable text message verification

If you prefer not to use an authenticator app, you can choose to enable text message verification.

  1. Go to Settings Password & Security
  2. Choose Enable next to Text message
  3. Enter your country code and phone number. We’ll text you a code
  4. Enter the six-digit code and click Next

Disable verification

You can remove your two-step security verification at any time.

  1. Go to Settings Password & Security
  2. Choose Edit next to your chosen verification method
  3. Choose Delete  
  4. Confirm to delete and disable the verification method

 

PRO TIP

Two-step verification adds an extra layer of security that helps protect your account. As with any online business, it’s always important to be diligent in protecting your information, your computer, and your access.

 

What is an authenticator app?

An authenticator app is an application that is usually installed on a smartphone and generates a six to eight digit passcode every 30 seconds. The passcode can be used for login and other activity where it’s important to confirm that the person initiating the activity is “really you.”

How does an authenticator app work?

Authenticator apps use Time-Based One-Time Passcodes (TOTP). This is a standardized method for generating a regularly changing code based on a shared secret (shared between Upwork and your phone; no one else). Because TOTP is a standard method for authentication, you can choose from many different (and mostly free) authenticator apps for your mobile device. Google Authenticator is a popular app that is available in both the Apple App and Google Play stores.

What if I don't have access to a smartphone?

While we strongly discourage it because it’s a much less secure option, you can receive a verification code via the email you have on file with us. First, however, you would have to exhaust/fail all secure sign-on options (SMS, OTP, TOTP). This would prompt our system to send a code to your email address.

My timing doesn’t seem to be working. What can I do?

Authenticator apps need the time on your phone to be in-sync with the official time in order to work. You can disconnect your phone from the internet and as long as its time is still correct, it will successfully generate the codes you need. However, manual time settings and offline devices will not always match up.

If your phone's time is out of sync, or if you have changed time zones, the best way to fix it is to change the time settings on your phone from "Manual" to "Automatic".

On iPhone

  • Go to the Settings app
  • Select General
  • Select Date & Time
  • Enable Set Automatically

On Android*

  • Go to the Settings app
  • Select General Management
  • Select Date and Time
  • Enable Automatic date and time

*Instructions for Android may vary slightly depending on the manufacturer of the phone.

Log in to get personalized help.