What Is Two-Factor Authentication (2FA)

Customer Specialist Team

Published on 2020-10-29

Updated on 2026-02-05

About Two-Factor Authentication (2FA)

Two-Factor Authentication (2FA) is a security mechanism that requires two forms of verification to access an account. After entering a password, users must pass the secondary verification via SMS code, TOTP authenticator, passkey, or biometrics.

For enhanced account security, 2FA is enabled by default once you bind your phone, TOTP authenticator, or passkey to your account.

Why Is 2FA Necessary?

1. Limitations of Traditional Passwords: Traditional password systems rely on static information, such as characters or gestures, which are vulnerable to phishing, brute-force attacks, and database breaches.

2. Advantages of 2FA: Even if a password is compromised, an attacker would still need to bypass the second layer of security (like your phone or fingerprint), significantly enhancing security.

2FA Methods Supported by CoinEx

1. SMS verification codes

Characteristics	Randomly generated and sent in real-time to your linked phone number. Typically valid for a short period (e.g., two minutes) and becomes invalid after one use.
Scenarios	Ideal for quick logins, particularly for users accustomed to SMS verification.
Notes	SMS delays may occur due to carrier systems or local signal issues. Ensure your phone has a strong signal and can receive messages, and try again later. SMS verification is susceptible to SIM card hijacking attacks, making it less secure. It is strongly recommended to enable TOTP or a passkey as your primary 2FA method.
Explore More	What to Do If I Can’t Receive SMS Verification Codes How to Bind Mobile Number (Web｜App) How to Reset / Change Mobile Number (Web｜App) How to Receive SMS Code via WhatsApp (Web｜App)

2. TOTP (Time-based One-Time Password)

Description	TOTP (Time-based One-Time Password) is a dynamic password that is generated every 30 or 60 seconds.
Characteristics	Dynamic refresh makes it difficult to obtain or crack. Codes can be generated offline without an internet connection. Supports multiple device bindings (requires backup of the key).
Recommended Tools	Google Authenticator LastPass Authenticator (ideal for LastPass users)
Key Management	The key (Secret Key) is a 16-character alphanumeric combination used to bind the TOTP authenticator.
	Take Google Authenticator as an example: You will receive a 16-digit alphanumeric secret key when binding Google Authenticator. If you lose the device linked to Google Authenticator, you can rebind it using the 16-character key on another device.
	Note: CoinEx does not back up users' TOTP keys. If you forget or lose the key, you cannot rebind the Google Authenticator. For your account and asset security, please store your secret key in the following ways: Write them down on paper. Store a screenshot in encrypted cloud storage. Save it in a password manager or TOTP app.
Explore More	How to Bind TOTP Authenticator (Web｜App) How to Reset / Change TOTP Authenticator (Web｜App)

3. Passkeys

Description	A passkey is a passwordless authentication technology based on the FIDO (Fast Identity Online) international standard. It supports biometric or hardware key verification without entering any verification code.
Characteristics	Password-free logins via your fingerprint, facial recognition, or a USB passkey. Highly resistant to phishing attacks, offering top-tier security. Supports synchronization across multiple devices.
Setup	To create a passkey on the device you are currently logged in to, you can use your biometrics (like fingerprint or facial recognition) stored on the device. To create a passkey with another mobile device, you can scan the QR code displayed in the browser with the QR code scanner or camera on your mobile device. To use a USB security key as your passkey, insert the key (e.g., YubiKey) into your computer and follow the instructions to complete the setup.
Scenarios	Ideal for users seeking maximum security and convenience. Requires FIDO-supported devices (iPhone, Android, Windows Hello).
Explore More	How to Bind Passkey (Web｜App) How to Delete / Reset a Passkey (Web｜App)

2FA Method Comparison

Method	Security	Convenience	Scenarios	Notes
SMS Code	Medium	High	Quick logins	Must keep phone/signal available
TOTP	High	Medium	Daily use and anti-phishing	Must back up 16-character key
Passkey	Extremely High	High	Passwordless + biometrics/USB	Must be compatible with FIDO devices

Disclaimer: The content on this website is for reference only and does not constitute investment advice. It is not a substitute for professional financial advice, consultation, or recommendations. We strongly recommend that users consult with a qualified financial advisor before making any investment decisions. The owners and authors of this website disclaim any liability for any losses or damages incurred as a result of reliance on the information provided. All investments carry risks, and past performance is not indicative of future results.