Setting up 2-factor authentication (or 2FA for short) for any website that contains your private information or your funds is an absolute must. Here's how it's done on HitBTC:
1. Click "Settings" at the top right corner of the website and open the "Security" tab.
2. Download an application suitable for your device.
There are multiple options when it comes to choosing the right 2FA application:
- Authy (recommended) on the official website
- FreeOTP on App Store
- Google Authenticator in Google Play
Authy can be installed both on your desktop and mobile device. Below is a short installation guide for Authy mobile app.
3. In Authy, set up an account and log in (you will need to enter your current phone number to confirm the account).
4. Tap on three dots in the top right corner to open the Settings page.
5. On the Account tab, you can add an email address and enable backups to be able to recover the codes in case you lose access to your current device.
6. Go back to the main screen and press +; you will be asked to scan a QR code or enter the key manually (you can find both on your Security page: https://hitbtc.com/settings/security).
7. Print out or write down your backup code and keep it in a safe place. If your device is broken, lost or stolen, this may be the only way to log in without asking for assistance from HitBTC Support.
8. Enter the code from your app and click "Confirm" button.
9. Check your mailbox: an email with a confirmation link should arrive. Click it within 10 minutes, before the link has expired.
Great! You are all set.
Now the 2FA is enabled on your account. You will be asked to enter the code with your next and every attempt to log into your HitBTC account. You will also need to enter the code to confirm every withdrawal of funds from your account.
If you would like to use Authy on your desktop too, you can download the app at https://authy.com/download/ and install it on your computer. As you have already set up an Authy account on your smartphone, all you need is to authorize the new device.
Google Authenticator and FreeOTP have similar installation process except there is no desktop version of these apps. Also, Google Authenticator is not transferable to a new device - if you lose access to your smartphone, you will not be able to recover Google Authenticator on a new one.
Note: Please keep in mind that 2FA is not a 100% safety guarantee. 2FA code can be stolen via phishing, or code-generating device might be compromised. 2FA should not be your only hope, it has to be one of the many precautions you're taking.
Do not see a confirmation email in your mailbox? Try these recommendations.
Lost your 2FA device/deleted app? These tips will help you.
2FA codes do not work? Read this article.