[Guide] How to Enable 2FA using Google Authenticator or Any Authenticator!

[nakamura12]

Hello guys I am nakamura12,
I would like to share this tip on "how to enable Two Factor Authentication also known as 2FA by using address only" to newbies and other forum members that didn't know how to enable 2FA. To those who already know how can also help (if you want to). At the bottom is an explanation why you should make a back up of the secret key of the 2FA.

Before I start, You must download and install an Authenticator in your mobile device or in desktop if you know an authenticator that have desktop version. There are Authenticator that you can use.

The Authenticator used in this thread is Google Authenticator since it is what I used before and this is only an example and the point or goal of this is all about how to enable 2FA. It's up to you on what 2FA authenticator you will use.

1] Open the website where you want to enable 2FA and log in your account, after that open account settings. In my case refer to image below where I can see the 2FA in my accounts settings. My case is in einax website. (Note: I'm not advertising their website and I use it for example only)

2] Click the Two-Factor Authentication as shown in image above and you will be redirect to new page where you can see the address needed to enable 2FA. Refer Image below.

3] Copy the address that is provided from the website.

4] Open the Google Authenticator you downloaded from Playstore. Next, Press the red + sign button.

Next, Click enter a provided key

Enter the name of the website where you want to enable 2FA account and paste the address and then Click "ADD".
Ex: Bitcointalk 2FA Guide
Address: LBCUE6MW2GV2I4VI

You can see the "CODE" now in your mobile device and it changes time after time

Now, type the code where you copy the address and "CLICK ENABLE 2FA".
Ex code: 105885

You're good to go. You're 2FA is enabled.

UPDATE:

Don't forget to backup secret key because it's very important when you lose your device. Make sure it's well written on the piece of paper or make a backup copy in your USB device or PC.

2FA - Important Precautions with Google Authenticator

Other Authenticators you can use:
Best 2FA applications to use. Open source, free, secure. Better than Google's

REASON: You can't get code again from another device if you lose your mobile device but by doing the same guide with the same secret/address key you use in google authenticator that you backed up then you don't have to worry.

Feel free to ask questions or correct my mistakes If i have mistakes in my guide.
In my case I enable 2FA in my account in einax.com to be an example on how to enable 2FA.

[BitMaxz]

Don't forget to backup secret key because it's very important when you lose your device. Make sure it's well written on the piece of paper or make a backup copy in your USB device or PC.

I just want you to add this method because the android google authenticator doesn't have a backup feature unlike in laptop/PC.

[nakamura12]

Don't forget to backup secret key because it's very important when you lose your device. Make sure it's well written on the piece of paper or make a backup copy in your USB device or PC.

I just want you to add this method because the android google authenticator doesn't have a backup feature unlike in laptop/PC.

Got it thanks, I'll update it right away.

[pozmu]

Please correct me if I'm wrong:

• There is no 2FA option for Bitcointalk.
• Google authenticator 2FA (I think it's called time based 2FA?) is flawed as it assumes your computer is clean at the time of 2FA activation, if there is some kind of malware on your computer it could simply steal your 2FA key (secret key)

[joniboini]

Do we really need a tutorial like this here? Almost every site who applies 2FA have a guide on how to do it, and you can search this quite easily on the web.

• There is no 2FA option for Bitcointalk.
• Google authenticator 2FA (I think it's called time based 2FA?) is flawed as it assumes your computer is clean at the time of 2FA activation, if there is some kind of malware on your computer it could simply steal your 2FA key (secret key)

1. He doesn't talk about 2FA on this forum but in general.
2. What kind of malware can do that?

[einax]

Please correct me if I'm wrong:

• There is no 2FA option for Bitcointalk.
• Google authenticator 2FA (I think it's called time based 2FA?) is flawed as it assumes your computer is clean at the time of 2FA activation, if there is some kind of malware on your computer it could simply steal your 2FA key (secret key)

You should never use the same machine to log in and store 2FA keys. This is the whole point - your 2FA key is in one place, and your login/password in a completely different place. If your PC will be breached and login information was stolen - your account is still safe, and if you lose your device - auth codes are useless because nobody knows login/password or even what they suppose to open.

Even though you should not use the same device to get OTP and log in it is relatively safe to neglect this rule on mobile, since mobile environments often use means to isolate mobile apps from each other (Android phones are slightly more vulnerable compared to iOS but still mostly safe to use).

Stay safe!

[nakamura12]

Please correct me if I'm wrong:

• There is no 2FA option for Bitcointalk.
• Google authenticator 2FA (I think it's called time based 2FA?) is flawed as it assumes your computer is clean at the time of 2FA activation, if there is some kind of malware on your computer it could simply steal your 2FA key (secret key)

You're not wrong nor right. I'm not telling or referring that there's a 2FA in bitcointalk it's just an example.

Do we really need a tutorial like this here? Almost every site who applies 2FA have a guide on how to do it, and you can search this quite easily on the web.

Yes, but not for who already know on how to do so and some newbies doesn't know yet so I'm sharing this for those real newbies.

1. He doesn't talk about 2FA on this forum but in general.
2. What kind of malware can do that?

You got my point on this one.

[gellany32]

I have already downloaded Google Authenticator and it seems it only works on smart phone. I have used the email which is connected to my phone.

Now it work even if I used my PC still ask for a 2FA google authenticator. However, I am only picking some website that should be used with 2FA google authenticator for it will be annoying also if it will be applied to all websites.

[Crypto Girl]

It work even if I used my PC still ask for a 2FA google authenticator. However, I am only picking some website that should be used with 2FA google authenticator for it will be annoying also if it will be applied to all websites.

If you think that you're doing something serious on that site then you can enable the 2FA, it isn't necessary to use this from everything. Just choose a site that seems substantial such in trading sites that we mostly use and sometimes leave our coins for a while.

Don't forget to backup secret key because it's very important when you lose your device. Make sure it's well written on the piece of paper or make a backup copy in your USB device or PC.

I just want you to add this method because the android google authenticator doesn't have a backup feature unlike in laptop/PC.

I just know this. Thanks.

[muhammedayo1]

This is simplified enough , any newbie that have further questions can ask ,I'm sure many people are here to respond approximately.

It should also be noted that the 16Digits code should be kept safely

[nakamura12]

This is simplified enough , any newbie that have further questions can ask ,I'm sure many people are here to respond approximately.

It should also be noted that the 16Digits code should be kept safely

I know you're trying to help but it is noted already, I guess you didn't read all of it. Secret key/address key is the 16digit code what you want to be noted. BitMaxz already mention it .

Don't forget to backup secret key because it's very important when you lose your device. Make sure it's well written on the piece of paper or make a backup copy in your USB device or PC.

[pozmu]

Please correct me if I'm wrong:

• There is no 2FA option for Bitcointalk.
• Google authenticator 2FA (I think it's called time based 2FA?) is flawed as it assumes your computer is clean at the time of 2FA activation, if there is some kind of malware on your computer it could simply steal your 2FA key (secret key)

You should never use the same machine to log in and store 2FA keys. This is the whole point - your 2FA key is in one place, and your login/password in a completely different place. If your PC will be breached and login information was stolen - your account is still safe, and if you lose your device - auth codes are useless because nobody knows login/password or even what they suppose to open.

Even though you should not use the same device to get OTP and log in it is relatively safe to neglect this rule on mobile, since mobile environments often use means to isolate mobile apps from each other (Android phones are slightly more vulnerable compared to iOS but still mostly safe to use).

Stay safe!

Consider this scenario:
1. Your computer is infected with malware.
2. You set-up account on exchange and enable 2FA.
3. You fund your account on exchange from another device/ hardware wallet - you think you're safe, you're using hardware wallet and exchange account is secured by 2FA
4. After few days you find out that someone stole your coins from exchange - how this could happen???

Well, the answer is simple, points 1&2 - you received 2FA secret key on infected PC, so 2FA won't stop robbers.

[nakamura12]

Consider this scenario:
1. Your computer is infected with malware.
2. You set-up account on exchange and enable 2FA.
3. You fund your account on exchange from another device/ hardware wallet - you think you're safe, you're using hardware wallet and exchange account is secured by 2FA
4. After few days you find out that someone stole your coins from exchange - how this could happen???

Well, the answer is simple, points 1&2 - you received 2FA secret key on infected PC, so 2FA won't stop robbers.

It won't happen unless you know how to keep your computer safe (at least) from malwares. If that someone trying to steal your coins from your exchange account should at least need the exchange account (Username and Password) and the private key of course for 2fa. Changing the password after enabling 2FA is important as the saying goes "PREVENTION IS BETTER THAN CURE".

[pozmu]

But 2FA job is to secure you account against malware, it doesn't protect from hacks etc. contrary to what many people believe.

[nakamura12]

But 2FA job is to secure you account against malware, it doesn't protect from hacks etc. contrary to what many people believe.

Yes, it is. Let's just say that it's not a perfect security but it also help.

[Psalms23]

I just want to add about my experience with 2FA Authenticator which gives me a problem (well because this was new to me), I wanst able to log in however I try to encode my code and discovered that the time settings in my phone is different from the net. i just changed my time settings to set automatically and viola! its good. Just sharing, maybe some can meet this problem.

[socks435]

I just want to add about my experience with 2FA Authenticator which gives me a problem (well because this was new to me), I wanst able to log in however I try to encode my code and discovered that the time settings in my phone is different from the net. i just changed my time settings to set automatically and viola! its good. Just sharing, maybe some can meet this problem.

This is also happening to me before I always tried to use the generated code from 2fa but it doesn't work and I notice that my laptop time is not the same as my local time so I just edit and update the time and after that, I sync it from google authenticator and it works again.

So I advise to other users who experience the same thing you should always check your time if it's updated or not.

[alexgeller22]

I don’t know how anyone, but I don’t like Google Authenticator, problems with it alone, the code is not correct that time, and I came across a similar program but many times better is Authy, everything can be done easily and backups easily

[nakamura12]

I don’t know how anyone, but I don’t like Google Authenticator, problems with it alone, the code is not correct that time, and I came across a similar program but many times better is Authy, everything can be done easily and backups easily

I know that but it doesn't mean that it is best to use google authenticator, there are other people that also use google authenticator and this thread is to show on how to enable 2FA. One thing I can tell is it depends on you what authenticator you would use.

[roosbit]

Nice guide OP but imo I think Authy is a far much better alternative to the once popular Google Authenticator because

• Authy automatically backups 2FA data which google can not
• Authy has several ways of getting back onto your account unlike limited ways of Google 2fa
• Lastly the interface is user friendly too