Everything about 2FA

What is 2FA

Why aren’t passwords good enough?


Before addressing the question ‘what is two-factor authentication’ or ‘what is 2FA,’ let’s consider why it’s important to improve your online security for your online accounts, like your Cryptocurrency exchange account. If you keep your cryptocurrency on an exchange, you are entrusting your private keys to the exchange. Access to your online exchange account would mean access to all your cryptocurrency on the exchange. If a hacker attains access to your exchange account, you might lose all your funds stored on the exchange.

Humans are not good at setting passwords. A recent report looked at over 1.4 billion stolen passwords and found that most were embarrassingly simple. Among the worst are “111111,” “123456,” “123456789,” “qwerty,” and “password.” While these are easy to remember, any decent hacker could crack these simple passwords in no time.

The easiest way to add an extra level of protection to user accounts is two-factor authentication, also commonly referred to as 2FA.

2FA To The Rescue

2FA is an extra layer of security used to make sure that people trying to gain access to an online account are who they say they are. First, a user will enter their username and a password. Then, instead of immediately gaining access, they will be required to provide another piece of information, the One Time Password (OTP). 

There are many different types of 2FA: Hardware tokens (like your I-banking token), SMS 2FA, Software Tokens just to name a few. 
 

Software Tokens for 2FA

Most Cryptocurrency exchanges like NuMoeny uses a software-generated time-based, one-time passcode (OTP).

First, a user must download and install a free 2FA app on their smartphone or desktop (we recommend Authy). They can then use the app with any site that supports this type of authentication. At sign-in, the user first enters a username and password, and then, when prompted, they enter the code shown on the app. Like hardware tokens, the soft-token is typically valid for less than a minute. And because the code is generated and displayed on the same device, soft-tokens remove the chance of hacker interception. That’s a big concern with SMS or voice delivery methods. Hackers have been able to intercept SMS 2FA or voice delivery 2FA through social engineering attacks.

Best of all, since app-based 2FA solutions are available for mobile, wearables, or desktop platforms — and even work offline — user authentication is possible just about everywhere.

 

Source: https://authy.com/what-is-2fa/

Setting up 2FA

  1. Click on Accounts on the sidebar
  2. Click on Activate 2FA
    image
    image
  3. Download and sign up on one of the following applications:
    1. Authy Google Playstore | Authy Apply Appstore
    2. Authenticator Google Playstore | Authenticator Apple Appstore
  4. On Authenticator:
    1. Select the + button on the top right
    2. Select Scan Barcode
    3. Scan the QR code showed on the screen on NuMoney Exchange or manually enter the code
    4. Enter the OTP code
  5. On Authy:
    1. Select Add Account
    2. Select Scan QR Code
    3. Scan the QR code showed on the screen on NuMoney Exchange or munually enter the code.
    4. Enter the OTP code

Notes: If you use Google authenticator, is recommended that you back up the code showed above the QR code in case you lose your Authenticator App. It would take a significant amount of time to restore your 2FA code if you lose your google authentication app.

Having problem activating your 2FA?

Steps to fix "Incorrect Code" errors with Two-Factor Authentication

The most common cause for "Incorrect Code" errors is that the time on your Google Authenticator app is not synced correctly. To make sure that you have the correct time in your Google Authenticator app follow the instructions for your operating system below.

On Android:

  1. Go to the Main Menu on the Google Authenticator app
  2. Select Settings
  3. Select Time correction for codes
  4. Select Sync now  

 

On the next screen, the app will confirm that the time has been synced, and you should now be able to use your verification codes to sign in.

 

On iOS (Apple iPhone):

  1. Go to the iPhone Settings App. (your phone settings area)
  2. Select General
  3. Select Date & Time
  4. Enable Set Automatically
  5. If its already enabled, disable it, wait a few seconds and re-enable

 

 

What happens if you lose access to 2FA and wants to disable 2FA?

This is what you need to do

So you lost access to your phone that has your 2FA app and you will like NuMoney to disable 2FA for you, this is what you need to do:

  1. Send an email to [email protected] with the title: 2FA Reset Request
  2. Attach the following documents in your email:
    1. ID/Passport Front
    2. ID/Passport Back
    3. Selfie with yourself holding up your ID/Passport and a piece of paper with these handwritten:
      1. today's date
      2. and the words: "Reset 2FA"

Why must we be strict with requests to disable 2FA?

Because we want to make it hard for hackers who can impersonate you to disable 2FA, for which they can access your account with just a password.