What is Two-Factor Authentication (2FA)?
Authentication is the method of verifying the identity of a user, process, or device, which is a requirement to allow access.
Google Authenticator, which we use at Bitfinex, adds a second level of security between an attacker and withdrawal confirmations, password changes, API key creation, and logins by using a Time-based One-time Password Algorithm (TOTP) and HMAC-based One-time Password Algorithm (HOTP) for authenticating users.
Google Authenticator provides a six-to-eight digit one-time password which users must provide in addition to their username and password to log into Bitfinex and modify services or security settings.
How to set up a Google Authenticator 2FA
1. Firstly, visit your account Account Security settings, and open the Two-Factor Authentication drop-down menu and click the Setup button below Google Authenticator.
2. Next, scan the QR code with the 2FA app on your phone and enter the 6-digit pin provided by the app in the text box above Enable. If the code is correct, the Enable button will be triggered automatically.
Right below your QR code, you may find a backup code: the Account token (Key).
Important: In case you lose access to your 2FA device, the above key will be essential for you to gain quick access to the account.
Note: Make sure not to store a copy of this backup code in a possibly insecure place. Either don't make a copy of the 2FA secret or write down or print a copy of the account token (key)/QR code and store it in a safe location. Delete any digital copy after printing.
3. Here, you should check the notifications. Upon entering the correct code, you should receive the following message:
4. Good job! You are almost done. Please check your mail — there you should find an email like this:
Open the link in the same browser which you used to log into Bitfinex, and you will receive the following notification:
Congratulations! Google Authenticator is installed on your account.
The Google 2FA codes will now be required whenever you:
- log in;
- change critical account settings.
If any of the above steps fail, or if you happen to see any error notifications returned, please get in touch with Bitfinex Support and describe the error in as much detail as possible. We will be happy to help.