How to set up two-factor authentication

Two-factor authentication adds an  extra layer of security to your login process. It means that you (and everyone else who attempts so) can only log into your Datawrapper account if they have a) your email and password, and b), an authentication code from an authenticator app or a hardware security device like a YubiKey. 

Two-factor authentication is  available for all Datawrapper accounts, regardless of their plan.

How to log in once two-factor authentication is set up

After you signed up to Datawrapper with your email address here, you set a password. Every time you log in to Datawrapper, you need to enter that email address and password. Once you set up two-factor authentication, Datawrapper will also prompt you to confirm your identity with an authentication code:

Depending on what you set up, you then need to get the authentication codes from your authenticator app, such as Google Authenticator or many password managers, or use a hardware security device like a YubiKey.

Once you entered it correctly, you're successfully logged in.

How to set up two-factor authentication

1

To set up two-factor authentication, go to your account security settings here: app.datawrapper.de/account/security. Now you can choose if your extra authentication code should come from an authenticator app or the YubiKey. 

Here's how they work:

  • An authenticator app is software e.g. for your smartphone, like Authy or Google Authenticator (for Android or iPhone and iPad). Some password managers also generate authentication codes (one-time passwords, OTP) for you, like Bitwarden or 1Password. If you're not sure what to use, check in with your organization.
  • A YubiKey is a hardware device produced by the company Yubico that looks like a USB stick. You need to purchase and plug it into your computer for it to work as a second factor of authentication. 

The following steps show you how to continue setting up two-factor authentication with the Google authenticator app. To follow, make sure you have the app installed.

2

Next to "Authenticator app" in the Datawrapper security settings, click on Enable. A pop-up with a QR code will open, like so:

3

Open the Google authenticator app. Click first on the big " +"-button at the bottom of the app, and then on "Scan a QR code":

4

Once you select that, a camera will open on your smartphone. Point it to the QR code in the Datawrapper security settings. That gives the authenticator app all the information it needs to set up the connection to Datawrapper

If that was successful, you'll see a new entry in your app. It shows continuously new generated one-time passwords every 30 seconds:

Enter the code that shows up in the Google authenticator app in the pop-up on datawrapper.de. Click on Verify.

5

To make sure you’re never locked out of your own account, Datawrapper provides  backup codes for you to store in a safe location, which you can use as an alternative way to sign in in case your authenticator app or YubiKey is no longer available. You'll see these recovery codes once your one-time password was accepted: 

Make sure to download, copy, or print them and store them in a secure location. Don't share your recovery codes! Confirm that you have saved them by clicking on  "I have saved them". 

And that's it! You successfully set up two-factor authentication. Datawrapper will confirm that by showing a little green checkmark symbol next to your chosen method: 

You can also enable another method, disable your set-up authentication method, or view your recovery codes. If you're getting short on recovery codes, you can also generate new ones.

How to check which team members have set up two-factor authentication

When you and your colleagues edit visualizations together, the team’s security chain is only as strong as its weakest link. To help keep everyone safe, team admins can check how each member protects their Datawrapper account. 

To do so, go to your team settings by going to app.datawrapper.de/account/teams, then selecting your team. Click on Members to get a full list of all your team members. You'll see their sign-in method in the column Sign in via...:

For Enterprise customers using single-sign-on, you can similarly review whether all team members are signing in using your organization’s SSO provider.


Do you have questions or feedback about two-factor authentication? Please let us know at support@datawrapper.de.