Two-factor authentication and other security improvements

Two-factor authentication (2FA) adds an extra layer of security to ensure no one outside your organization can gain access to your Airbrake account and the error data you’ve sent.

Airbrake already supported 2FA as part of our GitHub single sign-on feature, and now we’ve added standalone 2FA so non-GitHub users can enable this extra layer of security on your account.

How to start using two-factor authentication

Simply enable it from your profile page by clicking the “Enable” button next to the “Two-factor authentication” setting title.

After that, you will be asked to scan the QR code with a 2FA app (e.g., Google Authenticator, Authy, 1Password or other similar apps) and provide the 6-digit authentication code to verify that you enabled the 2FA successfully. You can also manually enter the key if there are issues scanning the QR code.

Once you’ve successfully entered the 6-digit auth code, 2FA will be enabled – but there’s one more critical step!

In the event you lose access to your device and can’t receive 2FA codes, “recovery codes” can be used to regain login access to your Airbrake account. So it’s important to keep these codes protected and accessible in a safe place, like in your password manager (we use 1Password for ours).

With the setup done, on the next login, you will be asked to input the two-factor authentication code from your 2FA app.

Other login security improvements

Along with standalone 2FA, we’ve also added some additional security features to your GitHub SSO. These new settings can be found in the “Security” area of your Account Settings page.

Require all users to login with GitHub

With this setting enabled, users on your account won’t be able to sign in using their email and password and instead must use GitHub SSO to sign in.

Restrict logins to members of a specific GitHub organization

Once you have enabled “Require all users to use GitHub for login”, you can also specify a GitHub organization name, and only members of that organization will be able to log into your account. If they lose access to that GitHub organization, they will lose access to your Airbrake account as well.

These new settings are designed to make it easier to give access to members across your organization, as well as to remove access from people who leave your organization. Instead of having to remember to delete a former employee’s Airbrake account, they now lose access as soon as you remove them from your GitHub org.

We strongly encourage you to set up 2FA on your Airbrake account if you haven’t already. If you have any questions or need help, just shoot us a note at support@airbrake.io.