What is Two-Factor-Authentication (2FA)?

Two-Factor-Authentication (2FA) is an additional layer of security that is implemented by a majority of online crypto-exchanges. 2FA is a subset of Multi-Factor-Authentication (MFA) in that 2FA requires two pieces of information whereas MFA calls for 2 or more pieces of evidence. In both MFA and 2FA, information only known to the correct user is required before authentication is achieved. To verify an individual’s identity and decrease the chance that your exchange account is hijacked by a malicious user, you can activate 2FA and make it such that the 2FA code in addition to their username and password is required to gain access to the account. In the same way that you may not gain access to an ATM without both a bank card and its corresponding Personal Identification Number (PIN), users must present an additional piece of information (i.e. their account’s corresponding 2FA code) when using a 2FA activated exchange account. 2FA is not a new concept and has become more popular in digital implementation and is widely recommended when using exchanges as it provides a meaningful layer of security at an arguably low cost to the user.

Although various methods exist, the most popular way to generate and manage 2FA codes is through Google’s Authenticator application. Authenticator allows people to link their exchange accounts to their application by scanning the QR code provided by the exchange when 2FA setup is prompted. Authenticator provides users with a clever way of managing their 2FA linked accounts by making use of one-time-passwords. These one-time-passwords are generated using a shared secret key on a periodic basis by both the Authenticator application and the exchange to which the application is linked. This action has the consequence of requiring direct access to the user’s 2FA device in the correct time frame to login to the account.

2FA’s primary effect is to inhibit phishing scams and online identity theft. The use of 2FA applications like Authenticator bolster your cyber security by requiring that a prospective hacker must gain access to your account information as well as your 2FA code (which would require direct access to the 2FA device or the shared secret key). Though 2FA provides an extra means of security, you must be cautious in what devices are used to access exchange accounts as compromised machines may grant malicious users access to your login information and 2FA code which would enable them to initiate an alternate log-in.


This is for informational purposes only and does not constitute, either explicitly or implicitly, any provision of services or products by 3iQ Corp (“3iQ”). Investors should determine for themselves whether a particular service or product is suitable for their investment needs or should seek such professional advice for their particular situation.3iQ Corp. makes no representation or warranty to any investor regarding the legality of any investment, the income or tax consequences, or the suitability of an investment for such investor. All content is original and has been researched and produced by 3iQ unless otherwise stated therein. No part of the content may be reproduced in any form, or referred to in any other publication, without the express written permission of 3iQ. All statements made regarding companies, securities or other financial information contained in the content or articles relating to 3iQ are strictly beliefs and points of view held by 3iQ and are not endorsements of any company or security or recommendations to buy or sell any security. No securities regulatory authority has expressed an opinion about these securities and it is an offence to claim otherwise. By visiting and/or otherwise using the 3iQ website in any way, you indicate that you understand and accept the terms of use as set forth on the website and agree to be bound by them. If you do not agree to the terms of use of the website, please do no access the website or any pages thereof. Any descriptions of, references to, or links to other products, publications or services does not constitute an endorsement, authorization, sponsorship by or affiliation with 3iQ with respect to any linked site or its sponsor, unless expressly stated by 3iQ. Any such information, products or sites have not necessarily been reviewed by 3iQ and are provided or maintained by third parties over whom 3iQ exercises no control. 3iQ expressly disclaims any responsibility for the content, the accuracy of the information, and/or quality of products or services provided by or advertised on these third-party sites. The information contained herein, while obtained from sources believed to be reliable, is not guaranteed as to its accuracy or completeness and confers no right on purchasers. Past performance of cryptoassets is not indicative of future performance and should not be used to forecast any return that an investor may realize.