Two-Factor Authentication (2FA) is a great security tool, and we always recommend it. Most apps make it pretty easy to turn on 2FA, and Slack is no exception. Here’s how to enable it and make yourself safer.
You’ll need to be logged in to your Slack workspace, so go ahead and do this first, either in the Slack desktop app or at [yourworkspace].slack.com. Once you’re in, click on the arrow next to the name of the workspace, and then click “Profile & Account.”
Your account information will be displayed on the right-hand side of the screen. Click the ellipsis (the three dots) and in the menu that appears click “Open account settings.”
This is where you can choose your account settings, change notification preferences, and amend your profile. To set up 2FA, click on the “expand” button next to the “Two-Factor Authentication” option.
Now click “Set Up Two-Factor Authentication.”
Now you get to choose how you want to receive your 2FA codes. We recommend using an authenticator app, which is the process we’re going to show here, but you can use SMS if you prefer as it’s better than not using 2FA at all.
A word of warning: We tested Slack 2FA on three different authenticator apps: Authy, Google Authenticator, and Microsoft Authenticator. All three worked well for a single Slack instance. However, when we added a second Slack instance, Authy and Google Authenticator correctly added it as a second account, but Microsoft Authenticator overwrote the first Slack account and locked us out of it. We got back in using backup codes, but it still wasn’t fun. So if you need to add 2FA to more than one Slack instance, we’d recommend Authy or Google Authenticator.
The first step in the process is to install your authenticator app, which we’ll assume you’ve done already. In the second step, you’ll open your authenticator app and add an account. Hold your phone camera up to the QR code displayed by Slack, and follow the instructions in your app. Finally, enter the code that’s been generated by your authenticator app.
Slack will display a panel of backup codes that you can use to access your account if you lose your phone. Keep a copy of these codes somewhere safe (somewhere that doesn’t require your phone to access, obviously).
Now your Slack account is set up and configured for 2FA. If you have the Slack app on your phone, it will offer to email you a “magic link” which will allow you to login in without having to enter a 2FA code. And that’s all there is to it.