Getting started with Google Authenticator

[clover12]

OK Folks... i completed Authy registration with Binance!! It is all 2FA from here on.

What does "3FA" stand for?

It was confusing setting up because my "Passcode" was my Binance password, not my Authy Backup Passcode.
Then my "Google Authentification Code" was the 16 digit QR Code, not my Authy 6 digit Token... or the other way around?

Binance did not exactly word it self explanatory since it is juggling all these different codes and phones and iphones and desktops and emails.

It's all good to go. Now how do I TEST this thing out?  I'm scared to Log Out of binance now...

[JeromeTash]

It was confusing setting up because my "Passcode" was my Binance password, not my Authy Backup Passcode.
Then my "Google Authentification Code" was the 16 digit QR Code, not my Authy 6 digit Token... or the other way around?

Binance did not exactly word it self explanatory since it is juggling all these different codes and phones and iphones and desktops and emails.

It's all good to go. Now how do I TEST this thing out?  I'm scared to Log Out of binance now...

Yes your Binance password/passcode is different  from Authy backup passcode because authy is an entirely different thing from Binance.
Authy stores an encrypted copy of all your Authenticator accounts... if you lose your phone, It is that passcode you are going to use to recover your backups stored by authy so that you can get your 6 digit token for authentication.
It's more like an online cloud for your Authenticator accounts.

The 16 digit QR code from Google authentication is actually the recovery code... which you can write and keep somewhere safe. Since google authenticator does not offer cloud back, that is the code you use to recover your binance account.

Otherwise, once you set them up, both authentication apps will display a similar 6 digit token code every 30 seconds

[jademaxsuy]

What does "3FA" stand for?

This may help you what 3FA means as there's another meaning of it if it's not for authenticating. 3FA is three-factor authentication (3FA) or you can visit here https://searchsecurity.techtarget.com/definition/three-factor-authentication-3FA.

It was confusing setting up because my "Passcode" was my Binance password, not my Authy Backup Passcode.
Then my "Google Authentification Code" was the 16 digit QR Code, not my Authy 6 digit Token... or the other way around?

Once your 2FA is activated access binance and sign in then when you are prompted to input a code just open your authy, select the name you use and copy the 6 digit provided in authy then your good to go. In my case is not binance but all I did was sign in to the site then press the sign in button and input the 6 digit code then validate to continue.

[clover12]

It's a prety decent outfit being all set with the Authy.

I like the Binance, White List feature too... is that a strong idea to block out hackers or something?  it seems like the White List has potential to be much smarter than AUTHY is.  If you can only withdrawl into your private wallets, how could anybody steal anything from your Binance??

[DdmrDdmr]

<…>

It’s another safety feature, but not one that is not inexpungable:

- The whitelist is meant to work along with Binance’s software ecosysytem. If the exchange itself get’s hacked at some point, those restrictions may be bypassed easily. There is no tie to your whilelist outside Binance ecosystem.

- Binance is pretty safe, but no exchange is safe from hackers. Officially they have not been hacked yet, although during March 2018 there was an incident by which a third party app requested API keys and started to trade on some user’s behalf, pumping Viacoin in the process. No user was really affected in the aftermaths, as Binance reverted all the trades.

- Software is what it is, and can have bugs and backdoors that lead to unexpected breaches at some point.

Having said that, I pretty much like binance and all it’s user security features. Nevertheless, never consider your assets there invulnerable (after all, you do not control your private keys).

[clover12]

Today I logged into Binance but this was the issue....

It gave 2 options to log in.  The Google Authenticator (in my case Authy) and then SMS.

I typed in the SMS code and I was in.  So it did not require Authy at all, just the SMS.

So I should turn OFF the SMS and only use Authy?

[clover12]

<…>

It’s another safety feature, but not one that is not inexpungable:

- The whitelist is meant to work along with Binance’s software ecosysytem. If the exchange itself get’s hacked at some point, those restrictions may be bypassed easily. There is no tie to your whilelist outside Binance ecosystem.

- Binance is pretty safe, but no exchange is safe from hackers. Officially they have not been hacked yet, although during March 2018 there was an incident by which a third party app requested API keys and started to trade on some user’s behalf, pumping Viacoin in the process. No user was really affected in the aftermaths, as Binance reverted all the trades.

- Software is what it is, and can have bugs and backdoors that lead to unexpected breaches at some point.

Having said that, I pretty much like binance and all it’s user security features. Nevertheless, never consider your assets there invulnerable (after all, you do not control your private keys).

It's a scary yet very real description.  Thanks for heads UP....

[DdmrDdmr]

<…>So I should turn OFF the SMS and only use Authy <…>

That’s how I’ve got it (only Authy). After all, SMS is considered less secure, and 2FA is thought as being way more secure, with the token expiring every 30 seconds.

Edit: It may be a bit early to start messing around with API keys. They are risky if you do not manage them properly. In any case, you need to type an API label of your choice before you hit the "create new key", or nothing will happen (as seems to be the case).

API will typically be used to create your own trading software, or use a trading bot. Unless that is the case, I would stay clear of creating them since they enable trading on your behalf. There is online documentation on Binance ...
 

[clover12]

<…>So I should turn OFF the SMS and only use Authy <…>

That’s how I’ve got it (only Authy). After all, SMS is considered less secure, and 2FA is thought as being way more secure, with the token expiring every 30 seconds.

OK. i removed my SMS option from Binance.  It seems a WHOLE LOT BETTER.  thanks for assistance everyone.

Now I am staring at this API option.  What is that??? I click the link to API options and it goes into nowheres land...

[Artemis3]

OK. i removed my SMS option from Binance.  It seems a WHOLE LOT BETTER.  thanks for assistance everyone.

Now I am staring at this API option.  What is that??? I click the link to API options and it goes into nowheres land...

You don't have to worry about the API unless you want to use a third party program with Binance. For example a trading bot.

[hridoyb]

I am setting upp Google Auth for my Binance account.

How does this thing work?

I put in my email address
It makes a code in blue and flashed red colored.
What next?
Where do I input the code?

 

Now most of the exchanger required to use  Google Authenticator  for account security and also add withdraw password some exchanger. when you enable   Google Authenticator  2f  you must be stored your security code because when your phone change or lost this key helps to login your account.So more details about its visit https://support.binance.com/hc/en-us/articles/115000433432-Google-2FA-Guideline