Two-factor authentication (also known as 2FA or 2-Step Verification) is a technology that provides identification of users through the combination of two different components. In this case, you’ll protect your account with something you know (your password) and something you have (your phone). With Two-Factor Authentication enabled on your CoinEx account, you will have to provide your password (first “factor”) and your 2FA code (second “factor”) when signing in to your account. For account security, we recommend turning on “2FA while signing in” after binding Mobile or TOTP to your account.
What’s the difference between “Typical passwords” and “2FA”?
A typical password usually includes a string of static information such as characters, images, gestures, etc, easily cracked and insecure, while 2FA is more complicated and of higher security level.
In CoinEx, we support 2FA via SMS verify and TOTP verify:
1. SMS verify: Your account will be verified via a string of randomly generated SMS verification code. Instantly sent while valid in a short period of time, SMS codes can only be used once before expiration.
2. TOTP verify: The Time-based One-Time Password algorithm (TOTP) is an algorithm that computes a one-time password from a shared secret key and the current time. It combines a secret key with the current timestamp using a cryptographic hash function to generate a one-time password, changing every 60 seconds.
What is TOTP and why do I need it?
TOTP is an algorithm that computes a one-time password from a shared secret key and the current time, an example of a hash-based message authentication code (HMAC). Most of 2FA adapt TOTP and updates in 30-60 seconds, difficult to crack and relatively more secured.
CoinEx recommends using Google Authenticator or another offline authenticator app such as Authenticator.
Google Authenticator: https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2
(We strongly recommend this TOTP if you are using LastPass to manage your passwords)
What is Secret Key in TOTP?
A secret key is a piece of information or parameter, usually a string of 16-digit combinations of letters and numbers, that is used to encrypt and decrypt messages in asymmetric, or secret-key, encryption.
Take Google Authenticator for instance: CoinEx will provide you with a string of 16-digit Secret Key while binding Google Authenticator. If you've lost the device with your Google Authenticator, you can download the same app in a new phone and retain 2FA by reentering Secret Key on the APP. Please understand that CoinEx will NOT save or back up your Secret Key and your Google Authenticator will be LOST and unable for retrieved if you forgot or lost Secret Key. For your account security, please preserve your Secret Key via the following recommended ways.
How to keep Secret Key?
1. Write them down on a piece of paper
2. Take a screenshot and back up in your Cloud storage
3. Record in your TOTP apps
Why is my correct 2FA code “Incorrect"?
The most common cause for "Incorrect Code" errors is that the time on your Google Authenticator app is not synchronized with your time of the local server. In this case, please make sure that you have the same time in your Google Authenticator app as your local time.
For Android device:
1) Go to Google Authenticator App [Settings].
2) Tap [Time corrections for codes].
3) Tap [Sync now].
For iOS device:
1) Go to iPhone Settings App. (your iPhone settings area)
2) Select [General] and [Date & Time].
3) Enable [Set Automatically].
4) If it is already enabled, disable it, wait a few seconds and re-enable.