Two-factor authentication (2FA) provides an extra layer of security on your account.
In addition to a password and via a separate device or security tool, users are provided with a dynamic 6-digit code that one must enter upon logging into an account or authorizing activities. A new code is generated roughly every 30 seconds by your authenticator app.
It’s the second wall of protection around your account, reducing the likelihood of someone gaining unauthorized access to it.
BTC Markets supports authenticator apps (Google Authenticator, Microsoft Authenticator, Authy etc.) that provide time-based one-time passcodes (TOTP).
Please note: BTC Markets does not endorse any specific brand of authenticator app.
How to set up two-factor authentication:
- Install your authenticator app on your smartphone/device.
- Login to your BTC Markets account.
- Go to the “Account” page.
- Click on the “Enable Two-Factor Authentication” tab. A QR code will be displayed (A square black and white barcode).
- Open your authenticator app on your smartphone/device.
- Scan the QR code displayed on the BTC Markets webpage.
- Once the scan has completed successfully, a six-digit number will appear in the app with the description BTC Markets, alongside your email address.
- Enter the 6-digit code passcode into your authenticator app in order to activate it.
- A popup may show on the screen with a secret key. Secret keys should be stored offline in a secure location (e.g. a physical safe or locked container). Please note: Do not store it in an email, notes app, screenshot or documents that are uploaded to cloud storage. Anyone with access to this key, may be able to generate your 6-digit passcodes and therefore be able to access your account. Should you lose or damage your smartphone/device, this code will help you regain access to your account.
- If prompted, confirm that you have stored a copy of your secret key offline in a safe place.
Your authenticator app will now generate your 6-digit passcodes. You will have to input the correct 6-digit code each time you log into your BTC Markets account and perform certain actions, such as making a withdrawal. This code is time-sensitive, and you will need to input it before it changes.
Keeping your two-factor authentication secure
BTC Markets will never ask for your password, 6-digit passcodes or secret key.
Do not share these credentials with anyone, including people claiming to be BTC Markets staff or law enforcement.
Bad actors may try to trick you into revealing your 6-digit passcodes through a variety of ways.
Phishing via email/SMS or directing you to fake BTC Markets webpages or mobile apps. They also may call you on the phone and attempt to impersonate BTC Markets by claiming your account is at risk and urgent action needs to be taken to secure your funds.
If anyone asks for your 6-digit passcode, exercise extreme caution. Always verify the authenticity of the request via multiple publicly listed means, prior to providing any sensitive information.
Some authenticator apps offer cloud backup or synchronisation features. Whilst this may be convenient, these features could introduce some additional risks. We recommend all customers understand how their chosen authenticator app stores and syncs their authenticator codes and keys.