What is Two-Factor-Authentication (2FA)?
Two-Factor-Authentication (2FA) is an additional layer of security that is implemented by a majority of online crypto-exchanges. 2FA is a subset of Multi-Factor-Authentication (MFA) in that 2FA requires two pieces of information whereas MFA calls for 2 or more pieces of evidence. In both MFA and 2FA, information only known to the correct user is required before authentication is achieved. To verify an individual’s identity and decrease the chance that your exchange account is hijacked by a malicious user, you can activate 2FA and make it such that the 2FA code in addition to their username and password is required to gain access to the account. In the same way that you may not gain access to an ATM without both a bank card and its corresponding Personal Identification Number (PIN), users must present an additional piece of information (i.e. their account’s corresponding 2FA code) when using a 2FA activated exchange account. 2FA is not a new concept and has become more popular in digital implementation and is widely recommended when using exchanges as it provides a meaningful layer of security at an arguably low cost to the user.
Although various methods exist, the most popular way to generate and manage 2FA codes is through Google’s Authenticator application. Authenticator allows people to link their exchange accounts to their application by scanning the QR code provided by the exchange when 2FA setup is prompted. Authenticator provides users with a clever way of managing their 2FA linked accounts by making use of one-time-passwords. These one-time-passwords are generated using a shared secret key on a periodic basis by both the Authenticator application and the exchange to which the application is linked. This action has the consequence of requiring direct access to the user’s 2FA device in the correct time frame to login to the account.

2FA’s primary effect is to inhibit phishing scams and online identity theft. The use of 2FA applications like Authenticator bolster your cyber security by requiring that a prospective hacker must gain access to your account information as well as your 2FA code (which would require direct access to the 2FA device or the shared secret key). Though 2FA provides an extra means of security, you must be cautious in what devices are used to access exchange accounts as compromised machines may grant malicious users access to your login information and 2FA code which would enable them to initiate an alternate log-in.