Everything about Two-factor Authentication

It increasingly seems like I somehow have managed to run my life around the announcements of my favourite crypto exchanges Coindelta and Koinex. Today is Christmas and I am sitting here writing this post on Two-factor authentication. Although this actually is the need of the hour.

Couple days after they made it mandatory to enable two-factor authentication, the telegram communities I help them manage are buzzing with questions about the 2FA. Let’s answer all of them here:

What is Two-Factor Authentication and why should I activate it?

In the simplest of words it is a second layer of security. Added security equals better protection of your account. Your password is usually the first level of security. When passwords became easier to crack, Infosec community decided to make it harder for hackers to enter into your account with another layer of security.

The best apps on your phone enforce 2FA. But for this discussion we will stick to exchanges because I for one hate off topic conversation.

In most cases, the 2nd factor of the Two-factor authentication is when you have to enter a one-time password. It could be sent to via an email, an sms, or a randomly generated OTP based on key. Most exchanges enforce the 3rd kind. We will get to it in a minute.

Reason to activate: It makes your account more secure. I think that’s good enough.

What kind of 2FA does Koinex and Coindelta use?

Both these exchanges used Email/SMS based authentication up until last week when they made using google authenticator mandatory. It is a welcome move in my opinion as the OTPs sent on email can be compromised as it happened to one user according to this post from Coindelta.

The Google authenticator will generate a new code every 30 seconds, so you gotta be quick when you log in. The security gives you en edge. Let’s say if someone steals your phone, they still need to unlock it to access the authenticator. Maybe they did unlock it, then they need to know what your password to the account is.

The idea is simple – if you use your computer for trading, another layer of your security stays in your phone. A hacker would need access to your computer as well as your phone to hack into the account which is difficult.

A glimpse of the google authenticator screen. Click the ‘+’ button to add a new code

Which exchanges use Google Authenticator?

Pretty much all exchanges use some form of Two-factor authentication. If we are talking specifically about 2FA using the Google Authenticator here are a few I know:

1. Binance
2. Changelly
3. Cex
4. BuyUCoin
5. Bitfinex

The list goes on…

How do I activate Google Authenticator on my phone?

Step-1: Download the app for Android or iOS

Step-2: Open the Enable 2FA page on your exchange.

For Coindelta – Click on My account > Profile > 2FA

For Koinex – Just click on Security and you will land on the page to active 2FA

Step-3: Click the ‘+’ icon on the Google authenticator app

Step-4: Scan the QR code on the page with the authenticator app

Step-5: Please write down or print a copy of the 16-digit secret code and store it safely

It will look something like hol4fvqs72b8ieni or QTCDNSMOQ3HMZ596 depending on the website.

Step 6: Once it is added, you can use the code on the authenticator app as OTP. Enter the OTP where it is asked and save it.

If you wish to see a video on how to use the authenticator I made one for Coindelta, check it out:

I forgot to save my 16 digit secret key, what do I do?

Prevention is better than cure as they say. It’s right. If you haven’t backed up the code, you should now. The process works for both Koinex and Coindelta.

Step-1: Open the 2FA page on your exchange.

For Coindelta – Click on My account > Profile > 2FA

For Koinex – Just click on Security and you will land on the page to active 2FA

Step-2: Disable the 2FA authentication.

Coindelta – Click on Disable

Koinex- Click on Enable Email/SMS authentication

Step-3: Optional – Delete the old key from your authenticator app

Long press on the code, click delete on the top right corner of the App.

Step-4: Scan the QR code again on the page with the authenticator app. It is a new one this time.

Step-5: Please write down or print a copy of the 16-digit secret code and store it safely

It will look something like hol4fvqs72b8ieni or QTCDNSMOQ3HMZ596 depending on the website.

Step 6: Start using the Authenticator app as you were before. Do not lose the key.

I get “Incorrect Code” errors constantly, why?

The likely reason is that the time on your phone is not in sync with the internet. Here’s a simple guide I copy pasted from Coindelta [wink ;)].

I lost the app because my phone is lost/reset. What do I do?

Remember the 16 digit key we asked you to back up when you were setting up the 2FA? Yeah that one. It’s time to bring it to use.

Install the Authenticator app once again, click on the ‘Add’ button (+), enter the 16 digit code manually. You can start using the code as OTP now.

I did not back up my Authenticator key, I lost my phone, I cannot login now.

This is a bad situation. But the best part of Centralised exchanges is that passwords and accounts are recoverable according to the co-founder of Coindelta.

So do not panic. This has a solution. Here what you need to do.

Coindelta: 

Open a Support ticket – https://desk.zoho.com/portal/coindelta/newticket

Mention that you lost your authenticator app in the ticket with your name and phone number.

Your Two-Factor Authentication will be reset to email OTP and you’d be asked to enable 2FA using Google authenticator again. This time back up the key.

Koinex: 

Raise a support ticket – https://koinex.in/support

Send a selfie holding an ID and send it to [email protected]. Do mention your Full name, phone number and how did you lose the app as well.

Your Two-Factor Authentication will be reset to email/SMS OTP and you’d be asked to enable 2FA using Google authenticator again. This time back up the key.

More issues?

Come join us on the telegram community and ask your queries there:

Have questions about cryptocurrency trading in India? Check out our guide

Cover pic source