What is 2-factor authentication (2FA)?
Two-factor authentication (2FA), also known as 2-step verification, is a security layer in addition to your username and password. With 2FA enabled on your account, you will have to provide your password (first “factor”) and your 2FA code (second “factor”) when signing in to your account. 2FA codes are associated with a specific device (such as your phone) or your phone number.
What is TOTP?
Time-based One-Time Password (TOTP) is currently the most secure 2FA method recommended by Quidax. TOTP is an algorithm that generates a code based on the current time and a secret key known only to you and the online service, in this case Quidax. The act of sharing this secret key is safe from man-in-the-middle attacks as there is no communication that happens over the internet. Quidax shows you a QR code, which is a representation of the secret key, and you scan it using an authenticator app on your mobile device. Google Authenticator allows you to generate TOTP codes using your mobile device or computer.
Which type of 2-factor authentication should I use?
Quidax recommends using Google Authenticator or another offline authenticator app such as Duo or 1Password.
Since SMS and the Authy app are linked to a phone number, they can leave customers susceptible to phone number porting attacks. These types of attacks involve an attacker transferring or “porting” a victim's phone number to a device the attacker controls, effectively taking over the number and associated 2-factor authentication codes.
By using Google Authenticator or another authenticator app, the only way to access the codes is via physical access to the device running the app.
What if I get a new phone or my code stops working?
When you get a new phone or lose your current one, the steps to transfer your 2FA codes to a new device will depend on how your codes are generated.
You can find detailed instructions and troubleshooting tips here.