
[New Feature] Two-Factor Authentication

This is a feature that we’re very excited to announce. Bubble now supports 2-factor authentication, and this applies both to your Bubble account and to apps built on Bubble!

With two-factor authentication turned on, anyone logging in as you to an app will need to have access to a mobile device linked to your account. We support using the Google Authenticator and Authy apps to link your device (though other TOTP apps should work as well).

Bubble Account
For your Bubble account, you can go to your account page and set up this protection. You should download the application that you want to use, and then scan the QR code that will be shown and enter the first token to activate 2FA. Once this is set up, you’ll be prompted to enter this code whenever you try to log in.

We strongly recommend setting up two-factor authentication to protect the security of your account.

On the account page, you will also be able to generate some one-time backup codes that you can use to log in if you lose your phone. It is important to keep these codes in a safe place.

Adding 2FA to your apps
You can now add 2FA protection to your apps as well (if you are on the Production plan). As our own app is built on Bubble, this uses the same workflow actions. To set this up, you basically need 4 things:

  1. First, you need to activate 2FA to your app in the General tab of the Settings tab (note that the plan needs to be production for this to work).

  1. First, you need to build a workflow that users can run when they’re logged in to generate an individual QR code for their account. This action returns an image that you can display in a group that has an image element.

  2. Then you need a second workflow to validate the token and activate 2FA. This should be the token the users see when they scan the QR code.

  3. Lastly, you need to define a page where users will be redirected to enter their token, and add a simple workflow there using the check 2FA Token action. Once a user has been through that workflow, he/she will be logged in.

  4. Optionally, you can add some actions to disable 2FA, or generate backup codes. You can also access the 2FA status of a user by doing Current User’s 2FA activated (which returns yes/no).

Here is the detail for the different actions:

This will help build more secure apps.
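
The enrollment, token check and backup-code steps described in the announcement above rest on standard TOTP (RFC 6238). The sketch below is an added example, not part of the original post and not Bubble's code; the `TwoFactor` class, its method names, and the replay and clock-skew handling are assumptions made for illustration.

```python
import base64, hashlib, hmac, secrets, struct, time
from urllib.parse import quote
STEP, DIGITS = 30, 6  # RFC 6238 defaults used by Google Authenticator and Authy

def totp(secret_b32, at, step=STEP, digits=DIGITS):  # RFC 6238 code (HMAC-SHA1)
    key = base64.b32decode(secret_b32)
    counter = struct.pack(">Q", int(at) // step)      # number of elapsed time steps
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                           # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def provisioning_uri(secret_b32, account, issuer):    # what the enrollment QR encodes
    label = quote(f"{issuer}:{account}")
    return f"otpauth://totp/{label}?secret={secret_b32}&issuer={quote(issuer)}"

class TwoFactor:
    """Hypothetical per-user 2FA state; names are assumptions, not Bubble's API."""
    def __init__(self, secret_b32=None):
        self.secret = secret_b32 or base64.b32encode(secrets.token_bytes(20)).decode()
        self.activated = False
        self.last_counter = -1       # highest time step already accepted
        self.backup_hashes = set()

    def check_token(self, token, now=None, window=1):
        now = time.time() if now is None else now
        for drift in range(-window, window + 1):      # tolerate small clock skew
            counter = int(now) // STEP + drift
            if counter <= self.last_counter:          # already used: reject replay
                continue
            if hmac.compare_digest(totp(self.secret, counter * STEP).encode(), token.encode()):
                self.last_counter = counter
                return True
        return False

    def activate(self, first_token, now=None):        # 2FA turns on only after a valid first token
        self.activated = self.check_token(first_token, now)
        return self.activated

    def generate_backup_codes(self, n=8):
        codes = [secrets.token_hex(5) for _ in range(n)]
        self.backup_hashes = {hashlib.sha256(c.encode()).hexdigest() for c in codes}
        return codes                 # shown to the user once; only hashes are stored

    def use_backup_code(self, code):
        h = hashlib.sha256(code.encode()).hexdigest()
        ok = h in self.backup_hashes
        self.backup_hashes.discard(h)                 # one-time: consumed on use
        return ok
```
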



:heart_eyes: Brilliant. Thank you!

Woah :ok_hand:t3:

Great! Thank You!

Thank you!!

Keen to know if anyone has been successful in getting this to work?


Is this feature available for Marketplace Sellers? I am creating a dashboard where I want to integrate this feature.

You want to add this to your app? If so, you should put your app on a Production plan.

Why should adequate security be pay-to-play? I mean, I get paying something, but gatekeeping a common security feature for the highest tier only is unreasonable.


Hey @emmanuel,

Is it possible to get an option where a code can be texted to the user? Instead of just through one of the apps?

Yeah, I am with you @adam5. I’m a cyber security professional; in fact my first app is a cyber security app. It’s a brand new app and I am a startup; I can’t afford the near-$6000 per year price tag to enable my users to have MFA. In this day and age, pay-gating cyber security seems ludicrous. @emmanuel – this is all kinds of wrong. Offering our clients proper security shouldn’t be $6000 per year!