Two-Factor Authentication (also known as 2FA or 2-Step Verification) is a technology that provides identification of users through the combination of two different components. In this case, you’ll protect your account with something you know (your password) and something you have (your phone). With Two-Factor Authentication enabled on your CoinEx account, you will have to provide your password (first “factor”) and your 2FA code (second “factor”) when signing in to your account. For account security, we recommend turning on “2FA while signing in” after binding Mobile or TOTP to your account.
What’s the difference between “Typical passwords” and “2FA”?
A typical password usually includes a string of static information such as characters, images, gestures, etc., which are easily cracked and insecure, while 2FA is more complicated and of higher security level.
In CoinEx, we support 2FA via SMS verification and TOTP verification:
1. SMS verification: Your account will be verified via a string of randomly generated SMS verification code. Instantly sent with validity of a short period of time, SMS codes can only be used once before expiration.
2. TOTP verification: The Time-based One-Time Password algorithm (TOTP) is an algorithm that computes a one-time password from a shared secret key and the current time. It combines a secret key with the current timestamp using a cryptographic hash function to generate a one-time password, changing every 60 seconds.
What is TOTP and why do I need it?
TOTP is an algorithm that computes a one-time password from a shared secret key and the current time, an example of a hash-based message authentication code (HMAC). Most of 2FAs adapt TOTP and update in 30-60 seconds, difficult to be cracked and relatively more secure.
CoinEx recommends using Google Authenticator or another offline authenticator app such as Authenticator.
Google Authenticator: https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2
(We strongly recommend this TOTP if you are using LastPass to manage your passwords)
What is Secret Key in TOTP?
A secret key is a piece of information or parameter, usually a string of 16 digits combining letters and numbers, which is used to encrypt and decrypt messages in asymmetric, or secret-key, encryption.
Take Google Authenticator as an example. CoinEx will provide you with a string of 16-digit secret key while binding Google Authenticator. If you've lost the device with your Google Authenticator, you can download the same app in a new phone and retain 2FA by reentering secret key on the App. Please note that CoinEx will NOT save or back up your secret key and your Google Authenticator will be unretrievable if you forgot or lost your secret key. For your account security, please preserve your secret key via the following recommended ways.
How to keep secret key?
1. Write them down on a piece of paper
2. Take a screenshot and back up in your Cloud storage
3. Record in your TOTP apps
Why is my correct 2FA code “Incorrect"?
The most common cause for "Incorrect Code" errors is that the time on your Google Authenticator app is not synchronized with your time of the local server. In this case, please make sure that you have the same time in your Google Authenticator app as your local time.
How to turn on the log-in 2FA?
1. Enter https://www.viabtc.com, then go to [Settings]>[Account Settings].
2. Click the button at [Authenticate When Sign In ViaBTC].