Help CenterSecurity
Security5 min read

Two-Factor Authentication (2FA)

How to set up and use 2FA on XamanProtocol, and what to do if you lose access to your authenticator.

What Is 2FA?

Two-factor authentication (2FA) requires two proofs of identity to log in:

  1. Something you know — your password
  2. Something you have — a time-based code from your authenticator app

Even if an attacker has your password, they cannot log in without the time-based code from your device.

Setting Up 2FA

  1. Install an authenticator app: Google Authenticator, Authy, or 1Password (iOS/Android — free).
  2. In XamanProtocol: Dashboard → Settings → Security → Enable 2FA.
  3. Scan the QR code with your authenticator app.
  4. Enter the 6-digit code shown in the app to confirm setup.
  5. Save your backup codes in a secure location — these let you recover access if you lose your device.

Using 2FA to Log In

After entering your email and password:

  1. A second screen asks for your 2FA code.
  2. Open your authenticator app and find the XamanProtocol entry.
  3. Enter the 6-digit code shown (codes refresh every 30 seconds).
  4. You are now logged in.

Codes expire every 30 seconds — if it won't accept the code, wait for the next code cycle.

If You Lose Your 2FA Device

If you lose your phone or authenticator access:

  1. Use a saved backup code to log in and disable 2FA.
  2. If you don't have backup codes, contact support. You will need to go through identity verification to regain access.

Always save your backup codes when setting up 2FA.

Frequently Asked Questions

Is 2FA mandatory?+
2FA is strongly recommended but currently optional. We highly encourage enabling it to protect your funds.
Which authenticator app should I use?+
Any TOTP-compatible app works. Google Authenticator and Authy are the most popular. Authy supports cloud backup of your 2FA codes, which is useful if you lose your phone.
My 2FA code isn't being accepted. Why?+
Codes expire every 30 seconds. Make sure your device's time is synced correctly (automatic time settings). Try the next code in the 30-second window.
Can I use SMS-based 2FA?+
SMS-based 2FA is not currently offered. We only support authenticator app (TOTP) based 2FA, which is more secure.

More in Security

Didn't find what you were looking for?