Secure your account with two-factor authentication (2FA)
What is 2FA?
Two-factor authentication (2FA) is an extra layer of security for your CryptWin account that can be utilized to:
✓ Ensure that you are the only person who can sign in to your account.
✓ Ensure that once signed in, you are the only person who can perform certain actions such as depositing, withdrawing, or trading.
How 2FA works
When enabled, 2FA requires an extra passcode when signing in, depositing, withdrawing, or trading. This extra passcode can be stored in an app on your phone (in which the passcode changes every 30 seconds) or in a small USB device like the YubiKey (in which the passcode changes after each use).
This makes things much harder for potential attackers, as they would not only need your username and password, but would also need possession of your 2FA device (phone or YubiKey).
Functions are all the different actions you can enable 2FA for.
*Important: Without the GSL, these 2FA functions can be removed if your account sign-in is compromised. Enable the GSL after you’ve finished setting up all your desired 2FAs and Master Key.
Only sign-in 2FA does not require the GSL in order to be effective.
Each function can have 2FA enabled using different methods.
For example, you may choose to use the YubiKey method for the Sign-In function because YubiKeys are the most convenient (and secure) to use on a day-to-day basis.
Then for your Master Key function, which is only needed in the rare case when you’ve lost your Sign-In 2FA or need to remove the GSL, you may choose to use the Authenticator App method because it is less convenient to use and not needed as frequently.
The 2FA device and/or method used for the Master Key must be different from the one used for your Sign-In 2FA, otherwise it defeats the purpose of the Master Key. Remember, the Master Key allows you to change the password and settings on your account. Having Sign-in 2FA and the Master Key on the same device cancels out the security that these functions guarantee when kept separate.
It’s ok to use an authenticator app for both Sign-In 2FA and the Master Key only if they are on separate phones (or other devices).
To learn more about the 2FA methods and how to set them up, see these specialized guides:
|Authenticator App||Phone or laptop||Moderately secure|
|Static password*||N/A||Least secure|
*Static password is not an available option for your Sign-In 2FA or Funding 2FA.
Note: We don’t offer SMS-based 2FA because they are not secure enough.