For the twelfth and final day of the 12 Days of 2FA, we will look at how to enable two-factor authentication on Slack. If you are a member of multiple Slack “teams” (e.g. and, you will need to set up 2FA separately for each account you use.

Slack supports 2FA via text message and via one of many authenticator apps. Authenticator apps are more secure for most people and do not have the potential for interception that text messages do. If you decide to use an authenticator app, Slack does not require a backup method or phone number, meaning you can keep your number off Slack if you choose.

  1. Click on “Profile & account” under your username in the top left corner. In your profile summary that pops up on the right, click “Account Settings.”

  1. “Expand” the section on two-factor authentication.

  1. Click “Setup Two-Factor Authentication.”

  1. Before making security changes to your account, you may be prompted to enter your password.

  1. Now you can choose whether you’d like to receive verification codes via text messages or an authenticator app. Authenticator apps are more secure and avoid a lot of the downfalls of SMS. However, SMS is more practical if you do not use a smartphone. Consider your threat model and choose the best mode for you.

  1. If you choose to use an authenticator app, select “Use an app” and follow the instructions to download an authenticator app if you haven’t already, scan the QR code, enter your verification code, and click “Verify Code and Activate.”

  1. If you choose to use text messages, select “SMS Text Message.” Enter a phone number at which you can receive texts and click “Add phone number.”

Soon after you click, you’ll receive a text message with your verification code. Enter it and click “Verify code and enable.”

  1. With 2FA set up, you’ll be asked to sign in again and enter a 2FA verification code.

  1. Before returning to your settings page, you’ll get your backup codes. Print or copy them and keep them in a safe place.

Stay tuned for more posts on two-factor authentication during the 12 Days of 2FA.

Related Issues