What Is 2FA?
Two-factor authentication (2FA) requires two proofs of identity to log in:
- Something you know — your password
- Something you have — a time-based code from your authenticator app
Even if an attacker has your password, they cannot log in without the time-based code from your device.
Setting Up 2FA
- Install an authenticator app: Google Authenticator, Authy, or 1Password (iOS/Android — free).
- In XamanProtocol: Dashboard → Settings → Security → Enable 2FA.
- Scan the QR code with your authenticator app.
- Enter the 6-digit code shown in the app to confirm setup.
- Save your backup codes in a secure location — these let you recover access if you lose your device.
Using 2FA to Log In
After entering your email and password:
- A second screen asks for your 2FA code.
- Open your authenticator app and find the XamanProtocol entry.
- Enter the 6-digit code shown (codes refresh every 30 seconds).
- You are now logged in.
Codes expire every 30 seconds — if it won't accept the code, wait for the next code cycle.
If You Lose Your 2FA Device
If you lose your phone or authenticator access:
- Use a saved backup code to log in and disable 2FA.
- If you don't have backup codes, contact support. You will need to go through identity verification to regain access.
Always save your backup codes when setting up 2FA.