Authentication options can be configured in "User Settings / Authentication".
Session access restriction
To increase the security of YesWeHack user sessions, users are able to restrict access to their sessions to the IP address that initiated the connection. If a new IP address uses the same session token, the session will not work.
If the connection legitimately uses several different egress IP addresses (e.g. mobile networks, VPN providers...), the use of this feature is not recommended.
TOTP
Account access can be secured using two-factor authentication. A Time-based One-Time Password algorithm (TOTP) is used as the second factor. In addition to the email address and password, it is required to enter a six-digit code based on a shared secret and valid for only 30 seconds.
Activation of the TOTP is a prerequisite for access to programs marked as "Secured".