What is Two-factor authentication?
Two-factor authentication (also known as 2FA or 2-Step Verification) is a technology that provides identification of users through the combination of two different components.
With Two-Factor Authentication enabled on your CoinEx account, you will have to provide your password (first “factor”) and your 2FA code (second “factor”) when signing in to your account. For account security, 2FA will be required for login by default after binding mobile, TOTP, or Passkeys to your account.
Difference between “Typical passwords” and “2FA”
A conventional password typically consists of static information such as characters, images, or gestures, which makes it insecure and easy to crack, while 2FA is more complicated and more secure.
The 2FA supported in CoinEx
1. SMS
Your account is verified with a randomly generated verification code sent by SMS. The code is sent instantly, is valid only for a short period of time, and can be used only once before it expires.
2. TOTP
The Time-based One-Time Password (TOTP) combines a secret key with the current timestamp using a cryptographic hash function to generate a one-time password, which usually changes every 30 or 60 seconds. Therefore, the client and the server are required to keep the same clock, so that the one-time password calculated by both sides based on time can be consistent.
TOTP is the most used 2FA method. Its codes update every 30 to 60 seconds, which makes it comparatively more secure and harder to crack.
(1) Recommended TOTP
CoinEx recommends using Google Authenticator or other offline authenticator apps such as Authenticator.
Google Authenticator: https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2
LastPass Authenticator: https://www.lastpass.com
(We strongly recommend this TOTP if you are using LastPass to manage your passwords.)
(2) What is the secret key of TOTP?
A secret key is a piece of information or a parameter, usually a 16-character string of letters and numbers, that is used to encrypt and decrypt messages.
Take Google Authenticator as an example: when you bind Google Authenticator, you will get a 16-character key string. If the device with Google Authenticator is lost, you can download Google Authenticator on another device and re-enter the 16-character key to re-bind it, and then log in and use it normally.
CoinEx will not back up the user's secret key. If you forget or lose the secret key, you will not be able to rebind Google Authenticator. For the security of your account and assets, please preserve your secret key in the following recommended ways:
a. Write it down on a piece of paper
b. Take a screenshot and back it up in your cloud storage
c. Record it in your TOTP apps
(3) Why is my correct 2FA code “Incorrect”?
The most common cause of “Incorrect Code” errors is that the time in your Google Authenticator app is not synchronized with the time on the local server. In this case, make sure that the time displayed in your Google Authenticator app matches the time where you are located.
- For Android devices:
a. Go to Google Authenticator App [Settings].
b. Tap [Time corrections for codes].
c. Tap [Sync now].
- For iOS devices:
a. Go to your iPhone's Settings.
b. Select [General] and [Date & Time].
c. Enable [Set Automatically].
d. If it is already enabled, disable it, wait a few seconds and re-enable it.
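The TOTP calculation and the clock-synchronization failure described above, as an added example (this is not CoinEx's code). It assumes the common authenticator defaults of HMAC-SHA1, 6-digit codes and a 30-second step, plus a hypothetical server that tolerates one step of drift; the secret is the public RFC 6238 test key, not a real account key.

```python
import base64
import hashlib
import hmac
import struct

# RFC 6238 Appendix B test secret ("12345678901234567890"), Base32-encoded the
# way authenticator apps display keys. Public test value, not a real account key.
RFC_TEST_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32: str, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Compute the RFC 6238 code (HMAC-SHA1) for the time step containing unix_time."""
    key = base64.b32decode(secret_b32.replace(" ", "").upper())
    counter = struct.pack(">Q", unix_time // step)       # 8-byte big-endian step number
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                               # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32: str, code: str, server_time: int,
           window: int = 1, step: int = 30) -> bool:
    """Server-side check: accept the current step or `window` steps either side."""
    for drift in range(-window, window + 1):
        expected = totp(secret_b32, server_time + drift * step, step)
        if hmac.compare_digest(expected, code):           # constant-time comparison
            return True
    return False


def demo(server_time: int = 1_234_567_890) -> dict:
    """Constructed scenario: same secret, phone clocks that differ from the server's."""
    def phone_code(offset_seconds: int) -> str:
        return totp(RFC_TEST_SECRET, server_time + offset_seconds)
    return {
        "in_sync": verify(RFC_TEST_SECRET, phone_code(0), server_time),
        "20s_slow": verify(RFC_TEST_SECRET, phone_code(-20), server_time),
        "5min_slow": verify(RFC_TEST_SECRET, phone_code(-300), server_time),
    }


if __name__ == "__main__":
    print(totp(RFC_TEST_SECRET, 59))   # RFC 6238 vector, truncated to 6 digits
    print(demo())
```

A phone that is 20 seconds slow still lands within one step of the server and is accepted, while a phone that is 5 minutes slow produces a code for a step the server no longer checks, which is the "Incorrect Code" case.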
If you lose TOTP without saving the secret key, please try to reset it using the Resetting tool or submit a ticket for more help. For more instructions, please refer to How to Reset/Change TOTP Authentication.
3. Passkeys
Passkey is a Fast Identity Online (FIDO) feature provided by CoinEx for rapid identity verification. Passkeys are used for secondary verification, providing users with a convenient experience without the need for verification codes, as well as enhancing the protection of users' assets and account security.
Supported Passkey Types
CoinEx supports the following three types of Passkeys, and you have the flexibility to create any of them.
1. Create Passkey on this device
Create a Passkey on the device you are currently logged in to, using the biometric capabilities such as fingerprint or face recognition configured on this device.
2. Create Passkey using another mobile device (phone or tablet)
Use your mobile phone or tablet to scan the QR code displayed in the browser to create the Passkey.
3. Use a physical USB as a Passkey
Insert a physical USB identity authenticator (such as YubiKey) into your computer, and follow the browser instructions to complete the creation.
To learn more about Passkeys, please refer to How to Set up Passkey.
Follow the guidelines below to bind Google Authenticator, mobile number, and Passkey to your CoinEx account.