Secure your Postman account with two-factor authentication
Today, we’re introducing two-factor authentication (2FA) for all Postman users, enabling you to add an extra layer of security to your Postman account and data. We strongly recommend leveraging 2FA because it reduces the potential risk of an attacker compromising your account.
How 2FA works
After password verification, you’ll be asked to provide a time-based one-time password (TOTP) generated by an authenticator app. Also, recovery codes can help you access your account if you lose your device. However, you can only use each of these codes once.
How to enable 2FA for Postman
To enable 2FA, log in to your Postman account and visit the Account Settings page; follow the instructions on the screen to activate 2FA.
You must use an authenticator app that supports TOTP. We recommend using cloud-based TOTP apps like Authy, Microsoft Authenticator, LastPass Authenticator, or 1Password. Please ensure that you keep recovery codes in a secure place. You can find more details about setting up 2FA in the Postman Learning Center.
Note: 2FA is only available for password-based authentication methods—it is not available for Google and SSO-based logins. You can enable two-factor or multi-factor authentication with your identity provider.
Additionally, you can visit the Postman Trust Center to gain knowledge about organizational security and how to protect your accounts and data in Postman.
What do you think about this feature? Tell us in a comment below. You can also give product feedback through our Community forum and GitHub repository.