Whoever uses exchanges like Bittrex or Kraken has probably seen it: 2FA. What is 2FA and why should you use it and how? And most importantly: What to do if you lost your 2FA?

What is 2FA?

2FA stands for two factor authentication. As the name suggests, it is a second layer of security already existing, such as a password. A concrete example of this is to log in to your dutch DigiD. First, you must log in with a username and password, and after that you must enter a code that you received by SMS.

Nice read: What is an ICO and how to participate?

Other known examples of a second security that you can use are your fingerprint, sent email template with a link you must confirm, or a 6-digit code that you must complete within a certain amount of seconds. The latter option – a number code – is often used by exchanges.

In order to counteract some forms of cybercrime, certain exchanges oblige their use. A few days ago, Bittrex decided to commit 2FA after their system was attacked.

So, 2FA can also be applied to exchanges where you buy or sell cryptocurrency. Suppose an unwelcome person has gained your credentials, then he must also have your 2FA code.

Setup 2FA

Before you can use it, you need to take some steps to use 2FA. First of all, you must have a (mobile) device where you can install a 2FA app. Some well-known 2FA applications available for both Android and iOS phones (and/or tablets).

  • Google Authenticator
  • Authy
  • Lastpass

After you’ve installed the app on your phone, it’s time to start!

Add 2FA for Kraken in 10 steps

  1. Login and click ‘Account’
  2. Click ‘Security’
  3. Click ‘Two-Factor Authentication’
  4. In this example we’re adding 2FA for trading, look for ‘Trading’ and click ‘Setup’
  5. A new screen opens. Select ‘Method’ Google Authenticator, TOTP mode.
  6. Click ‘Continue’. A new screen opens, click ‘Continue’ (again).
  7. We are now following the most important step: Make a backup of ‘OTP manual setup key’. For example, write it on a piece of paper and keep it in a vault. If you lose the setup key and for any reason you no longer have access to your 2FA, you will no longer be able to trade in this example. Set ting 2FA for login for Kraken and lose your 2FA, means you cannot log in to Kraken!
    Kraken 2fa
  8. Almost there. Scan the QR code with the Google Authenticator app
  9. A six-digit code will appear. Use it at ‘One-time Password’
  10. Click ‘Confirm’.

We’re done! 🙂 An official guide can be found here.

Setup 2FA for Bittrex in 7 setps

  1. Login and click ‘Settings’
  2. Click ‘Two-Factor Authentication’
  3. The most important step: Backup your ‘Secret Key’, in this example: NKOTB123TESTCODE
  4. Open your Google Authenticator-app, hit ‘+’ and scan the QR-code
  5. A six-digit code will appear. Use it at ‘One-time Password’
  6. Click ‘Enable 2FA’Bittrex 1
  7. You will receive an email from Bittrex. Click the link within the mail.
    Bittrex 2

We’re done! 🙂 Another explanation can be found here.

Some 2FA apps – like Authy and Lastpass – make backup of your 2FA codes. However, I recommend that you make backup copies yourself.

Lost your 2fa, no backups

That sucks, your smartphone falls into your newly built swimming pool. You’ve lost not only the funny videos of your rabbit, but also all two factor verification codes. “No worries, Google certainly made a backup for me”. Think twice: that’s not the case.

Google Authenticator is leeg

The iPhone from ‘someone I know’ which was restored with iCloud. No codes in Google Authenticator.

To be honest I have to say that I didn’t had any backups for my 2fa access codes, but since I know what trouble it can generate … Just think: Your crypto’s are at their ATH and you want to sell all your digital coins, but you can’t trade anymore because don’t have the 2FA’s.

Nice read: In what kind of wallets can I store my cryptocurrency?

Fortunately, I know someone who has overcome this and this “Someone I Know” (SIK) has been so nice to explain what to do if you haven’t made backups of your 2FA and what route you need to take to get everything working.

Kraken

  • First respons: 2 hours
  • Status: Solved, in 12 hours!

Kraken’s customer service is renowned for its good and prompt help and in this case they made it true. Can you no longer sign in, because you lost your two-factor authentication keys? Then Kraken wants to know the following information:

  1. Full name
  2. Date of birth
  3. Telephone
  4. Adress (>Tier 2)
  5. A copy of your ID (>Tier 3)
  6. Balance of your Kraken account (LTC, BTC, etcetera)
  7. As detailed descriptions of deposits and withdrawels

All this information must be sent to the customer service by mail. You will be reassured at a time when you receive the redemption:

Laatste reactie van Kraken

Be smart and clear all communication between you and Kraken.

Bittrex

  • First response: 5 hours
  • Solved? Yes, after 8 days

Bittrex was not as fast as Kraken, but in the end the helped SIK. What Bittrex wants to receive from you before they can help you:

  1. Recent IP address with which you logged in
  2. A recent transaction ID of a payment you made with or to Bittrex
  3. Your current cryptocurrency balance on Bittrex

If you have more than 1,000 dollars of crypto’s on your Bittrex account, Bittrex wants to see an official ID. The ID + ‘Bittrex plus todays date’ on a paper must be hold by you: make a selfie. The documents may not be sent as *.zip or *.pdf.

Please note that the checkout process is partially automatic. Software will thus determine whether your sentenced data is correct. Therefore, if you make certain values of your identification (for any reason) unreadable, your selfie will not be approved!

Once you are through the check, the redemption will follow:

Cryptopia

  • First response: 8 days
  • Status: solved, after 14 days.

Although I did not initially want to take Cryptopia into the 2FA explanation, I decided to do it because you can, thanks to this article, hopefully reduce the waiting time. After all, a good preparation is half the work 😉

With a duration of 14 days, Cryptopia is the slowest of the three when it comes to help. On the other hand, they will at least give a response and eventually resolve the matter; That’s not always the case with other cryptocurrency exchanges.

What to send.

  1. The balance on your Cryptopia account (how many LTC, BTC, etc.)
  2. As detailed description of deposits as possible.
  3. Any recent transactions of a payment you have made with or to Cryptopia.
  4. Your current cryptocurrency balance

And then wait… Our SIK in question had to wait for two weeks, before redemption took place.

Moral of the story

I’ve reported dozens of times, but I’ll do it again: Make backups! Whether it’s your public keys, private keys or 2FA.