1. Home
  2. Q&A
  3. Account security
  4. Two-factor authentication

Two-factor authentication

Why do I need two-factor authentication?

Two-factor authentication is a ‘must-have’ security measure for securing all financial services in the 21st-century. Besides the standard password, 2FA involves entering a one-time code each time you log into your account or attempt to withdraw funds.

Therefore, if by chance, malicious attackers have access to your username and password, it will not be possible for them to access your account and use your funds without a one-time code.

Core advantages of two-factor authentication are as follows:

  • You do not need additional facilities for work because authentication is performed via a mobile device, which is usually within reach.
  • The confirmation code is always new and more secure than a single password.

How do I enable two-factor authentication?

You can enable two-factor authentication in your EXMO.com account settings in the “Protection” section. Step-by-step instructions are available here.

Switch on 2FA

What does it mean to use two-factor authentication "Only at login?"

Selecting this option means that while logging into your account along with the standard username and password, you will use a unique one-time code. It is also used to change the profile settings. Two-factor authentication can be used through SMS or by using the Google Authentication App, installed on your mobile phone. To enable two-factor authentication “Only at login” in the main menu select “Profile” then “Protection (Google + SMS)”.

What does it mean to use two-factor authentication "Full protection" - "Do not use when withdrawing to “My Account”?

If you select the box “Do not use when withdrawing to “My Account” that means you have selected “Full protection”. A confirmation will no longer be required when withdrawing funds, as the details are already stored in “My Account”. Please note that if you have previously made a withdrawal on your account, but the details were not saved to “My Account” or you carried out a new transaction, you will need to confirm the withdrawal and select the authentication type used before.

What does using "Full Protection" two-factor authentication mean?

Selecting this option means that when changing profile settings, withdrawing funds or authorising, unique one-time codes will be used, in addition to the standard login and password. They can be received by SMS or generated via the Google Authentication application installed on a mobile device.

How do I turn off two-factor authentication?

In order to disable two-factor authentication on your EXMO.com account, go to the “Protection” section of the Profile Settings. Then click “Deactivate” on “SMS authentication” or the “Google Authenticator” tab depending on your 2FA means.

What is Google Authenticator and how does it work?

Google Authenticator is an app for generating one-time authentication (TOTP) codes. The application is supported by Android phones, iPhone and BlackBerry, and can also work without an Internet connection.
The user needs to install the application on the selected device to generate random codes. These codes must be entered in the appropriate field when changing profile settings, withdrawing funds or logging into an account. In addition to the mobile app, browser plugins are available (for example, an extension for Google Chrome).

Follow the link to learn how to set up Google Authenticator.

What should I do if I haven't received the SMS code?

Issues with receiving SMS for authorisation or confirming fund’ withdrawals can be caused by the following reasons:

  • There is not enough space on the phone to receive SMS.
  • The phone is out of network coverage range.
  • Occasionally, problems may arise if the user’s phone is in “Roaming” mode.
  • Problems with the mobile operator.
  • Phone software freeze. In this case, SMS can be received after updating the network connection, rebooting the device, and requesting a balance.
  • If the SMS message is not received, we recommend that you do not send the request to resend the code multiple times in a short period of time. The request should be repeated every 10 minutes. If the problem is not resolved within 30-40 minutes, please contact Customer Support.