NEW BP Security Improvements: 2FA (Two-Factor Authentication)

13 Replies

Hey everyone! 

I just wanted to bring your attention to a new security feature for BiggerPockets users. We're always striving to make sure your time spent with us better, and in this case, we're aiming to make sure we can do everything in our power to ensure your account is just a little more secure :)

We just launched 2FA (Two-Factor Authentication) which provides a little extra security for your account by adding your cell phone as a means of authenticating you in addition to your password. 

Here's how it works:

1) You log-in to BiggerPockets site 

2) You receive an SMS to your phone with a code that you enter on our site.

These 2 factors combined improve security to keep your account, and your information protected from possible hackers.You can update your account to use this feature here:

If you have any questions, or concerns - please reply to this post, and a BiggerPockets staff will respond shortly!

I know this sounds like the dark ages, but we can't have access to cell phones where I work and I often check BP during lunch breaks. Are there any other alternatives that folks can use if they can't use their cell phone to receive an SMS?

I have gotten over 2k spam messages in my yahoo spam folder in less than 2 weeks..  I know it's from BP since I don't belong to any other forums and it just recently started to fill up with spam.  not sure if they are relevant but just wajwanted to share 

I noticed the 'https' with the green lock a few weeks ago and certainly appreciate it. Also I noticed that there hasn't been any phantom threads in the wee hours when I'm on here like before, which is a sure sign that its working. thanks guys.



I'm not one for giving out my number to sites because every time I do I start getting calls from telemarketers.How they get it I have no idea but I know when I give it out for things like 'security' for a site or other means for identification, the calls begin that range from companies offering vehicle warranties to insurance. Luckily I have a block feature on my phone but that list is growing. My recently changed their site and use the opting of email or phone text for verification.

@Maureen Campbell - You can possibly use something like Google Voice to get texts, but otherwise, I'm not sure. There is no requirement to set up the 2fa, though.

@George P. - We have NO evidence that our site has been hacked at any point in time.  If you're getting junk email, you may want to think about who you're letting into your network.  We don't give out email addresses without our user's express permission.

@Mary B. - We've had https on all credit card payments since we started taking them and have also transmitted passwords the same way.  We've now forced ALL pages on the main site to be secure and will push this out to 100% of the site in the near future.

@Daria B. - We don't give member phone numbers out to anyone.  They are used solely for the purpose that our users set up - for getting text message alerts from the site OR for 2fa

@Joshua Dorkin Thanks for the clarification. I was under the impression that it was going to be mandatory for everyone to switch to 2fa. If it is only an additional option, that should be fine.

Thanks for going the extra mile to keep the site secure.

It would be nice if BP could support 2FA using software on your phone, like Google Authenticator.

Nice job and thanks for notching security up again. Good thing is I am not getting calls from Telemarketers and have no problems with spam - but I have one suggestion. I use my an android tablet when I am in the kitchen having coffe in the morning and browsing BP (like every normal person I suppose). I found its tricky to open up the inbox dropdown and navigate the menue on a tablet. I got pretty good at it but I still need three or four atempts to get to my inbox. I was recently in Denver and thought about stopping by to complain in person, but in the end Little Man Ice Cream won and I thought I'll drop you a line. Maybe somone on your team has an android and can verify that...? 

@Joshua Dorkin I'm a big fan of the 2-step process for security.  I use it on my email account, and have received several notifications that people have tried to change my password unsuccessfully!  

@David Oldenburg - We've offered that service for a long time now -- you should get an email if someone tries repeatedly to login to your account unsuccessfully.  That -- in addition to 2FA helps protect our users.

Thanks for making the site more secure!  Can never be too careful these days.

Glad to hear my home-away-from-home is more secure now!  Can't thank you all enough for all the hard work and creativity you've put into this website/community :)  

Happy Investing!

Free eBook from BiggerPockets!

Ultimate Beginner's Guide Book Cover

Join BiggerPockets and get The Ultimate Beginner's Guide to Real Estate Investing for FREE - read by more than 100,000 people - AND get exclusive real estate investing tips, tricks and techniques delivered straight to your inbox twice weekly!

  • Actionable advice for getting started,
  • Discover the 10 Most Lucrative Real Estate Niches,
  • Learn how to get started with or without money,
  • Explore Real-Life Strategies for Building Wealth,
  • And a LOT more.

Lock We hate spam just as much as you

Create Lasting Wealth Through Real Estate

Join the millions of people achieving financial freedom through the power of real estate investing

Start here