What Is Two-Factor Authentication (2FA)

 

About Two-Factor Authentication (2FA)

Two-Factor Authentication (2FA) is a security mechanism that requires two forms of verification to access an account. After entering a password, users must pass the secondary verification via SMS code, TOTP authenticator, passkey, or biometrics. 

For enhanced account security, 2FA is enabled by default once you bind your phone, TOTP authenticator, or passkey to your account.

 

Why Is 2FA Necessary?

1. Limitations of Traditional Passwords: Traditional password systems rely on static information, such as characters or gestures, which are vulnerable to phishing, brute-force attacks, and database breaches.

2. Advantages of 2FA: Even if a password is compromised, an attacker would still need to bypass the second layer of security (like your phone or fingerprint), significantly enhancing security.

 

2FA Methods Supported by CoinEx

1. SMS Verification Codes

Characteristics
  • Randomly generated and sent in real-time to your linked phone number.
  • Typically valid for a short period (e.g., two minutes) and becomes invalid after one use.
Scenarios
  • Ideal for quick logins, particularly for users accustomed to SMS verification.
Notes
  • SMS delays may occur due to carrier systems or local signal issues. Ensure your phone has a strong signal and can receive messages, and try again later.
  • SMS verification is susceptible to SIM card hijacking attacks, making it less secure. It is strongly recommended to enable TOTP or a passkey as your primary 2FA method.
Explore More

What to Do If I Can’t Receive SMS Verification Codes

How to Bind Mobile Number (WebApp)

How to Reset / Change Mobile Number (WebApp)

How to Receive SMS Code via WhatsApp (WebApp)

 

2. TOTP (Time-based One-Time Password)

Description
  • TOTP (Time-based One-Time Password) is a dynamic password that is generated every 30 or 60 seconds.
Characteristics
  • Dynamic refresh makes it difficult to obtain or crack.
  • Codes can be generated offline without an internet connection.
  • Supports multiple device bindings (requires backup of the key).
Recommended Tools
Key Management
  • The key (Secret Key) is a 16-character alphanumeric combination used to bind the TOTP authenticator.

Take Google Authenticator as an example:

  • You will receive a 16-character alphanumeric secret key when binding Google Authenticator.
  • If you lose the device linked to Google Authenticator, you can rebind it using the 16-character key on another device.

Note: CoinEx does not back up users' TOTP keys.

If you forget or lose the key, you cannot rebind the Google Authenticator.

For your account and asset security, please store your secret key in one of the following ways:

  • Write it down on paper.
  • Store a screenshot in encrypted cloud storage.
  • Save it in a password manager or TOTP app.
Explore More

How to Bind TOTP Authenticator (WebApp)

How to Reset / Change TOTP Authenticator (WebApp)

 

3. Passkeys

Description
  • A passkey is a passwordless authentication technology based on the FIDO (Fast Identity Online) international standard. It supports biometric or hardware key verification without entering any verification code.
Characteristics
  • Password-free logins via your fingerprint, facial recognition, or a USB passkey.
  • Highly resistant to phishing attacks, offering top-tier security.
  • Supports synchronization across multiple devices.
Setup
  • To create a passkey on the device you are currently logged in to, you can use your biometrics (like fingerprint or facial recognition) stored on the device.
  • To create a passkey with another mobile device, you can scan the QR code displayed in the browser with the QR code scanner or camera on your mobile device.
  • To use a USB security key as your passkey, insert the key (e.g., YubiKey) into your computer and follow the instructions to complete the setup.
Scenarios
  • Ideal for users seeking maximum security and convenience.
  • Requires FIDO-supported devices (iPhone, Android, Windows Hello).
Explore More

How to Bind Passkey (WebApp)

How to Delete / Reset a Passkey (WebApp)

 

2FA Method Comparison

Method   | Security       | Convenience | Scenarios                     | Notes
SMS Code | Medium         | High        | Quick logins                  | Must keep phone/signal available
TOTP     | High           | Medium      | Daily use and anti-phishing   | Must back up 16-character key
Passkey  | Extremely High | High        | Passwordless + biometrics/USB | Must be compatible with FIDO devices