Martijn Russchen
Lead Product Manager

Easy and secure Credential Management

Easy and secure Credential Management

Earlier this year we introduced Hacker Email Aliases which enables you to secure set up accounts for hackers inside your program, but to make it even easier we’re launching an all-new credential management functionality in our platform.

Credential management is an essential piece of enabling hackers to test your services. In many cases, a paid or a specially provisioned user account is needed to let hackers explore your application.

Sharing credentials through the HackerOne platform has multiple benefits. You will be able to see how many credentials are available and who has claimed credentials giving insight into who is actively testing your attack surface. When credentials are running low, you will be alerted so that you can add more credentials before hackers run out. Additionally, when a hacker submits a report, you can directly see which credentials they have used.

Download Credentials

Sharing credentials has never been easier

The new credential management functionality enables program owners to share credentials with hackers in the program easily. It’s as simple as uploading a CSV with credentials, and a new button will appear on your program page from where hackers can download the credentials. When uploading the credentials, you can also give the hacker instructions on how to use them. This can be helpful in case the setup isn’t straightforward.

Additionally, you can see the preview sample of your imported credentials, just as the hackers will see them. If you make an unexpected error in importing credentials, we save the hassle for you and the hackers by restricting the credential imports. This way you can be sure that the credentials you have imported are correct, free of duplicates and ready to be used by the Hackers.

Credential management settings

Credential management increases engagement

With the help of the new credential management feature, it’s easier than ever to share credential with hackers. Having credentials ready for hackers results in higher engagement from the community. Are you running an application that requires credentials to test? Upload your credentials today!


HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.

The 8th Annual Hacker-Powered Security Report

HPSR blog ad image