MyGet Two-Factor Authentication (2FA)

With our most recent release, MyGet introduced two-factor authentication (2FA) for MyGet.org and MyGet Enterprise accounts. 2FA adds a second layer of security to your MyGet account, so that the only way someone can log into your MyGet account is if they know both your password and have access to a time-based authentication code on your phone.

MyGet 2FA supports authentication via one-time password (OTP) mobile apps like Google Authenticator or Authy. For security and accessibility reasons, we do not support SMS-based authentication. We strongly encourage you to enable 2FA for your account in MyGet.org, or, if you have a MyGet Enterprise subscription, to enforce 2FA for users across your Enterprise MyGet instance.

Enable 2FA for your MyGet.org Account

You can find a link to enable 2FA in your account settings.

  1. Download a time-based OTP app (such as Google Authenticator or Authy) to your mobile device.

  2. Click on your login name in upper-right corner of any screen and select “View profile” from the drop-down menu.

  3. Select "TWO-FACTOR AUTHENTICATION" from the sidebar menu:

Enable 2FA.

  1. Type in your password and press OK. (This makes sure that it’s you who actually wants to modify the account.)

  2. On the following screen, check the box to enable or disable 2FA for your account.

  3. Using the authenticator app on your mobile device, scan the QR code that appears on your screen and enter the six-digit code generated your app.

Set 2FA.

  1. Click “Save.” 2FA is now active for your account!

  2. Copy your recovery codes and save them to a secure location. They can help you log into your MyGet account if you lose access and are unable to use your 2FA app to authenticate.

Show recovery codes.

Signing in with 2FA

Once you have activated 2FA, you will need to use it when signing into your MyGet account. Click "Sign In" on MyGet.org, and enter your login name and password. In the next screen you will see a prompt asking you to provide a code from your authenticator app.

Show recovery codes.

Now, enter the code, click "Sign In" and… you’re signed into MyGet!

Recovery codes

In the (hopefully, rare) situation when you cannot use your authenticator app and are locked out of MyGet, MyGet provides recovery codes. Each code can only be used one time to authenticate during sign-in without having to use your 2FA app.

The codes can be viewed under Two-Factor Authentication tab in your profile settings. You can retrieve the codes by clicking “Show your recovery codes” and re-entering your MyGet password. Be sure to save your recovery codes to a secure location. Keep track of which codes have been used, as you will not be able to distinguish used and unused codes from within your MyGet settings.

  1. If you cannot use your 2FA app to sign in, click the link “Need to use your recovery code?” when prompted for an authentication code during sign-in.

Sign in with 2FA.

  1. Then enter one of your ten recovery codes in the next screen.

Sign in with Recovery Codes.

  1. If you enter a correct code, you will be logged in to MyGet. You will not be able to use the same recovery code to sign in again.

If you lose track your original recovery codes, they can be regenerated. However, to maintain the security of your account, please use these codes for recovery in emergency situations only.

To reset your list of recovery codes, access your Two-Factor Authentication settings, click “Show recovery codes”, and press the “GET NEW CODES” button.

Because this will erase your previous set of recovery codes, you will be prompted to confirm the changes to your settings before proceeding.

Generate new codes.

If you press OK, new codes will be generated and the old ones will not work anymore. Please use with caution!

Enforce 2FA for your organization with MyGet Enterprise

With MyGet Enterprise, you can enforce 2FA for anyone with access to your organization’s MyGet account and feeds. To enable organization-level 2FA, you need to have Administrator rights for a MyGet Enterprise subscription (so that the Enterprise Admin page is visible to you from your profile dropdown menu).

To enable 2FA for all users of your MyGet Enterprise tenant:

  1. Log into your MyGet Enterprise account from your web browser, and click on your profile icon in the upper-right corner.

  2. From the dropdown menu, select Enterprise Admin, and then click the Accounts tab on the sidebar menu. Scroll down to the Two-Factor Authentication section at the bottom of the page.

Enforce 2FA on MyGet Enterprise.

If you enable this option and click "Save", users invited to your MyGet Enterprise account will be prompted to configure 2FA during the process of signing in for the first time.

Oblige all users with access to your MyGet Enterprise instance to configure 2FA the first time they log in.

When they try to sign in, they will automatically be presented a QR code that they must use with a 2FA app to configure 2FA for their account. Once they have set up their 2FA app, they will be able to continue signing in. Any time they attempt to sign in after that, they will need to use their 2FA app to enter a one-time authentication code.

Found an issue with the documentation on this page? We accept contributions!
Read our contribution guidance or edit this page's source on GitHub.