It is critically important to set up a 2-factor authentication (or 2FA for short) for any website that contains your private information or your funds. Here's how to do it on HitBTC:
1. Click “Settings” icon at the top right corner of HitBTC page and open the “Security” tab.
2. Download the application suitable for your device.
When it comes to choosing the right 2FA application there are several excellent options:
- Authy (recommended) on the official website
- FreeOTP in App Store
- Google Authenticator in Google Play
Authy can be installed both on your desktop and mobile device. Below please find a brief Authy mobile app installation guide.
3. In Authy, set up an account and log in (you will need to enter your current phone number to confirm the account).
4. Tap on three dots in the top right corner to open the Settings page.
5. In the Account tab, you can add an email address and enable backups to be able to recover the codes if you lose access to your current device.
6. Go back to the main screen and press +; you will be asked to scan a QR code or enter the key manually (you can find both on your Security page: https://hitbtc.com/settings/security).
7. Print out or write down your backup code and keep it in a safe place. If your device is broken, lost or stolen, this may be the only way to log in without asking for assistance from HitBTC Support.
8. Enter the code from your app and click the “Confirm” button.
9. Check your mailbox: there should be an email with your confirmation link. Click it within 10 minutes, before the link has expired.
Great! You are all set.
Now the 2FA is enabled on your account. Starting now, and with every following attempt to log into your HitBTC account you will be asked to enter the code. You will also need to enter the code to confirm each withdrawal of funds from your account.
If you would like to use Authy on your desktop as well, you can download the app at https://authy.com/download/ and install it on your computer. As you have already set up an Authy account on your smartphone, all you need is to authorize the new device.
Google Authenticator and FreeOTP are installed following a very similar process, except that no desktop versions of these apps are available. Another consideration when choosing the right authenticator app for you is that Google Authenticator is not transferable to a new device, so – if you lose access to your smartphone, you will not be able to recover Google Authenticator on a new one.
Note: Please keep in mind that 2FA is not a 100% security guarantee. 2FA code can be stolen via phishing, or a code-generating device might be compromised. You should not pin all your hopes on 2FA; ideally, it should be only one of the many precautions you're taking.
Do not see a confirmation email in your mailbox? Try these recommendations.
Lost your 2FA device/deleted app? These tips will help you.
2FA codes do not work? Read this article.