What is Two-factor authentication?
Two-factor authentication (also known as 2FA or 2-Step Verification) is a technology that provides identification of users through the combination of two different components.
With Two-Factor Authentication enabled on your CoinEx account, you will have to provide your password (first “factor”) and your 2FA code (second “factor”) when signing in to your account. For account security, we recommend turning on “2FA while signing in” after binding Mobile or TOTP to your account.
Difference between “Typical passwords” and “2FA”
A typical password is a string of static information such as characters, images, or gestures. It is easily cracked and insecure, while 2FA is more complicated and offers a higher level of security.
2FA supported in CoinEx
Your account will be verified via a randomly generated SMS verification code. The code is sent instantly, is valid only for a short period of time, and can be used only once before it expires.
The Time-based One-Time Password algorithm (TOTP) is an algorithm that computes a one-time password from a shared secret key and the current time.
It combines a secret key with the current timestamp using a cryptographic hash function to generate a one-time password that changes every 60 seconds. TOTP is an example of the use of a hash-based message authentication code (HMAC).
Most 2FA implementations adopt TOTP, with codes that update every 30-60 seconds, which makes them difficult to crack and relatively more secure.
(1) Recommended TOTP
CoinEx recommends using Google Authenticator or another offline authenticator app such as Authenticator.
Google Authenticator: https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2
(We strongly recommend this TOTP if you are using LastPass to manage your passwords)
(2) What is Secret Key in TOTP?
A secret key is a piece of information or parameter, usually a 16-character string of letters and numbers, that is used to encrypt and decrypt messages in a symmetric, or secret-key, encryption.
Take Google Authenticator for instance: CoinEx will provide you with a 16-character Secret Key while binding Google Authenticator. If you've lost the device with your Google Authenticator, you can download the same app on a new phone and retain 2FA by re-entering the Secret Key in the app.
Please note that CoinEx will NOT save or back up your Secret Key, and your Google Authenticator will be LOST and cannot be retrieved if you forget or lose your Secret Key. For your account security, please preserve your Secret Key in one of the following recommended ways:
a. Write it down on a piece of paper
b. Take a screenshot and back it up in your cloud storage
c. Record in your TOTP apps
(3) Why is my correct 2FA code “Incorrect”?
The most common cause of "Incorrect Code" errors is that the time on your Google Authenticator app is not synchronized with the time of the local server. In this case, please make sure that the time in your Google Authenticator app is the same as your local time.
For Android device:
a. Go to Google Authenticator App [Settings].
b. Tap [Time corrections for codes].
c. Tap [Sync now].
For iOS device:
a. Go to iPhone Settings App. (your iPhone settings area)
b. Select [General] and [Date & Time].
c. Enable [Set Automatically].
d. If it is already enabled, disable it, wait a few seconds and re-enable.
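The TOTP computation described above and the clock-drift failure from (3), shown as an added Python example (not CoinEx's or Google Authenticator's own code). It assumes HMAC-SHA1, a 30-second step, 6-digit codes and a hypothetical server that accepts one step either side of its own clock; the secret is the public RFC 6238 test key, not a real account key.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample input: base32 form of the RFC 6238 test key "12345678901234567890".
RFC_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32: str, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Compute a TOTP code (RFC 6238, HMAC-SHA1) for the given Unix time."""
    key = base64.b32decode(secret_b32.replace(" ", "").upper())
    counter = unix_time // step  # number of whole time steps since the epoch
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32: str, submitted: str, server_time: int,
           step: int = 30, window: int = 1):
    """Return the matching drift in steps (-window..window), or None if rejected.

    The +/- `window` tolerance is an assumption for illustration, not a
    documented CoinEx setting.
    """
    for drift in range(-window, window + 1):
        expected = totp(secret_b32, server_time + drift * step, step)
        if hmac.compare_digest(expected, submitted):  # constant-time compare
            return drift
    return None


if __name__ == "__main__":
    server_now = 1111111109  # fixed timestamp so the output is reproducible
    for skew in (0, 30, 300):  # phone clock ahead of the server, in seconds
        code = totp(RFC_SECRET, server_now + skew)
        print(f"phone skew {skew:>3}s code {code} ->",
              verify(RFC_SECRET, code, server_now))
```

A phone clock that is five minutes off produces a code the server never computes, which is why the time-sync steps above fix the "Incorrect Code" error without changing the secret key.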
If you lose TOTP without saving the secret key, please try to reset it using the Resetting tool or send us a ticket for more help. For more instructions, please refer to How to Reset/Change TOTP Authentication?