What is Two-Factor Authentication (2FA)
Authentication is the method of verifying the identity of a user, process, or device, which is a requirement to allow access.
Google Authenticator, which we use at Bitfinex, adds a second level of security between an attacker and withdrawal confirmations, password changes, API key creation, and logins by using a Time-based One-time Password Algorithm (TOTP) and HMAC-based One-time Password Algorithm (HOTP) for authenticating users.
Google Authenticator provides a six-to-eight digit one-time password which users must provide in addition to their username and password to log into Bitfinex and modify services or security settings.
Enabling Google Authenticator 2FA is a straightforward process and has a significant impact on the security of your Bitfinex account.
Important: When signing up for a Bitfinex account, you will be required to create a 2FA for your account. If you fail to do so during the setup process, your account features will not be available until you complete this security requirement.
How to set up a Google Authenticator 2FA
During Account Creation
1. When creating your Bitfinex account, scan the QR code with the Google Authenticator application. You can also use the Setup key provided.
2. Next, enter the generated Google Authenticator token.
3. Having set up your 2FA, you will need to confirm your email to complete the account creation process.
After Account Creation
1. If you have already created your Bitfinex account but skipped the 2FA setup process, you will not be able to access the Bitfinex account features. To continue using the platform, you will need to protect your account with 2FA.
You will be directed to the Security page, where you will find two 2FA options:
- FIDO Universal 2nd Factor (U2F);
- Google Authenticator (2FA).
2. For Google Authenticator, press the Setup button and scan the QR code with the 2FA app on your phone. Then, enter the 6-digit pin provided by the app in the text box above Enable. If the code is correct, the Enable button will be triggered automatically.
3. Here, you should check your notifications. Upon entering the correct code, you should receive the following message:
4. Good job! You are almost done. Please check your mail — there you should find the following email:
5. Open the link in the same browser you used to log into Bitfinex, and you will receive the notification that Google Authenticator is installed on your account. That’s it!
Note: Right below your QR code, you may find a backup code: the Account token (Key). In case you lose access to your 2FA device, this key will be essential for you to gain quick access to the account.
Important: Do not store a copy of this backup code in possibly insecure places such as your devices, email, or clouds. Write down or print a copy of the account token (key)/QR code and store it in a safe location. Delete any digital copy after printing. Google Authenticator offers the option to sync your 2FA codes with your Google Account. It is advised to disable this option to minimise the security risk in case your Google account gets compromised.
When are the Two-Factor Authentication codes required on Bitfinex
You will need your Google 2FA codes whenever you:
- log in;
- withdraw;
- change critical account settings.
If any of the above steps fail, or if you happen to see any error notifications returned, please get in touch with Bitfinex Support and describe the error in as much detail as possible. We will be happy to help.