What is Two-factor Authentication and How is it useful in CoinEx

Two-factor authentication (also known as 2FA or 2-Step Verification) is a technology that provides identification of users through the combination of two different components. In this case, you’ll protect your account with something you know (your password) and something you have (your phone). With Two-Factor Authentication enabled on your CoinEx account, you will have to provide your password (first “factor”) and your 2FA code (second “factor”) when signing in to your account. For account security, we recommend turning on “2FA while signing in” after binding Mobile or TOTP to your account.

What’s the difference between “Typical passwords” and “2FA”?

A typical password usually includes a string of static information such as characters, images, gestures, etc, easily cracked and insecure, while 2FA is more complicated and of higher security level.

In CoinEx, we support 2FA via SMS verify and TOTP verify:

1. SMS verify: Your account will be verified via a string of randomly generated SMS verification code. Instantly sent while valid in a short period of time, SMS codes can only be used once before expiration. 
2. TOTP verify: The Time-based One-Time Password algorithm (TOTP) is an algorithm that computes a one-time password from a shared secret key and the current time. It combines a secret key with the current timestamp using a cryptographic hash function to generate a one-time password, changing every 60 seconds.

What is TOTP and why do I need it?

TOTP is an algorithm that computes a one-time password from a shared secret key and the current time, an example of a hash-based message authentication code (HMAC). Most of 2FA adapt TOTP and updates in 30-60 seconds, difficult  to crack and relatively more secured.

Recommended TOTP

CoinEx recommends using Google Authenticator or another offline authenticator app such as Authenticator.
Google Authenticator:

1. IOS system: search "Google Authenticator" on App Store. Click HERE to get download link.
2. Android: search "Google Authenticator" on Google Play. Click HERE to get download link.

What is Secret Key in TOTP?

A secret key is a piece of information or parameter, usually a string of 16-digit combinations of letters and numbers, that is used to encrypt and decrypt messages in asymmetric, or secret-key, encryption.
Take Google Authenticator for instance: CoinEx will provide you with a string of 16-digit Secret Key while binding Google Authenticator. If youve lost the device with your Google Authenticator, you can download the same app in a new phone and retain 2FA by reentering Secret Key on the APP. Please understand that CoinEx will NOT save or back up your Secret Key and your Google Authenticator will be LOST and unable for retrieved if you forgot or lost Secret Key. For your account security, please preserve your Secret Key via the following recommended ways.

How to keep Secret Key?

1. Write them down on a piece of paper
2. Take a screenshot and back up in your Cloud storage
3. Record in your TOTP apps

Why is my correct 2FA code “Incorrect"?

The most common cause for "Incorrect Code" errors is that the time on your Google Authenticator app is not synchronized with your time of the local server. In this case, please make sure that you have the same time in your Google Authenticator app as your local time.

For Android device:

1) Go to Google Authenticator App [Settings].
2) Tap [Time corrections for codes].
3) Tap [Sync now].

For iOS device:

1) Go to iPhone Settings App. (your iPhone settings area)
2) Select [General] and [Date Time].
3) Enable [Set Automatically].
4) If it is already enabled, disable it, wait a few seconds and re-enable.