Securing your Cryptocurrency with 2FA like Google Authenticator and Authy; what you should do…and shouldn’t

Cryptocurrency is no doubt on the rise judging by the growing interest of investors, ranging from seasoned to rookie. From Bitcoin to Altcoins (like Ethereum), Shitcoins to Scamcoins, investors are hoping to make promising gains that the stock market wouldn’t give in such a short period of time. This has not only made cryptocurrencies easy to buy but even easier to lose.

Do Bitcoin investment schemes promising daily interest for life sound familiar? What about cryptocurrency exchanges that simply vanish with all your coins? Pump and dump schemes? Lost secret / private keys for your offline wallet? Lost access to Two Factor Authentication (2FA) recovery keys? It’s quite a long list and unlike in the banking system where the banks look out for your money, it’s mostly your responsibility to protect your digital coins / wallet.

When choosing a wallet, you could go for an online or client (offline) wallet, each having its advantages and disadvantages. Most online crypto wallets I’ve used encourage you to set up 2FA to help secure your account and this is highly recommended. The secondary verification could be via E-mail, SMS or Timed Code (generated by Google Authenticator or Authy). My focus will be on using timed code verification because, while this is about the most secure (in my opinion), it’s quite easy to make a mess of.

Setting up 2FA via Google Authenticator

A while back (when I knew almost nothing about cryptocurrency), while setting up 2FA for an online wallet I’d signed up for, I was presented with a bar code to scan. After scanning the bar code with Google Authenticator, a new profile was automatically created in Google Authenticator (GA). I was lucky to have just copied everything on the 2FA success page and saved it to a notepad. Several months later, I’d wiped and changed phones but here was the site asking me to enter the code generated by GA in order to log in. I happily installed GA from Play Store but was greeted with a blank home screen. No option to log in or anything. How was I to generate a code?

This very online wallet was about to fold up and we’d all been instructed via e-mail to withdraw our coins immediately. They were also notorious for zero to late responses to emails and time was running out. I recalled I’d copied stuff (whose use I didn’t know) to a notepad and still had the file. GA gave options to scan a bar code (which I wasn’t provided with) or enter a key… and then it struck me! My recovery key was the 16-digit code in that notepad. On entering it, the profile was created and I was able to generate a valid code. Phew!

Lesson: Secure your 16-digit Google Authenticator recovery key 
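
Why that saved key was enough, as an added example that is not part of the original post: Google Authenticator derives each timed code from the setup key and the current time using TOTP (RFC 6238, HMAC-SHA1, 6 digits, 30-second steps), so whoever holds the key can regenerate the codes on any device. The 16-character key below is a constructed sample, and the function names are this example's own.

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional


def normalize_key(key: str) -> bytes:
    """Decode a base32 setup key as a user would type it (spaces, dashes, lowercase)."""
    cleaned = key.replace(" ", "").replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # restore base32 padding if it was stripped
    return base64.b32decode(cleaned)


def totp(key: str, at: Optional[float] = None, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1, the defaults Google Authenticator uses."""
    secret = normalize_key(key)
    now = time.time() if at is None else at
    counter = int(now // step)  # number of 30-second steps since the Unix epoch
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def restored_device_matches(saved_key: str, typed_key: str, at: float) -> bool:
    """True if a fresh install given the typed key produces the same code as the old one."""
    return totp(saved_key, at) == totp(typed_key, at)


if __name__ == "__main__":
    SAMPLE_KEY = "JBSWY3DPEHPK3PXP"  # constructed sample, not a real account key
    now = time.time()
    print("old phone :", totp(SAMPLE_KEY, now))
    # The key retyped from a notepad, with spaces and lowercase, on a wiped phone
    print("new phone :", totp("jbsw y3dp ehpk 3pxp", now))
    print("match     :", restored_device_matches(SAMPLE_KEY, "jbsw y3dp ehpk 3pxp", now))
```

The same property cuts both ways: a copy of the key kept in a plain notepad file lets anyone who reads that file produce valid codes, so store it the way you would store a password.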

Setting up 2FA via Authy

My crypto (on another online wallet) had made some gains so I figured it was time to sell off. Problem was that I’d not logged in in a while, enabled 2FA with Authy and had wiped my phone. When setting up Authy, I’d linked it to my phone number so I was able to regain access to Authy in some days after filling the Authy password recovery / reset form. I’m glad I had not broken that SIM as I had planned to, only put it aside. Welcome back would’ve been impossible as it wasn’t properly registered and I’d misplaced the SIM pack.

Lesson: If 2FA is linked to your e-mail address or phone number, then ensure you are able to regain access to either should you uninstall Authy or lose your password.