Guide : How To Buy Cryptocurrency In Australia

By Tony Johnson
Share this post:

Two Factor Authentication - 2FA Is A Must

When using online cryptocurrency trading platforms it is usually required and very much recommended to enable two-factor authentication (2FA). 2FA means that as well as your username and password there is something else you need to have to prove your identity. This is often either an sms code sent to your phone (to prove you have your phone) or by providing a time based security code generated by an app on your phone (to prove you had the code when 2FA was enabled).

Google Authenticator

I recommend the Google Authenticator if you need a time based security code generator, I haven’t ever had an issue with it. It is free and is available for both Android... and iPhone.... I’m going to explain how exactly to use this device as it is sometimes a point of confusion for people and can lock you out of your account if you don’t set it up right!

What does it do?

So Google Authenticator provides an app that continually generates a 6 digit code, every 30 seconds, based on the current time and a key. Once the code disappears it is no longer valid and a new code appears, which is valid for the next 30 seconds.

The Key, which is the important bit of your 2FA setup is provided to you by your account provider. For example, It could be you are protecting your Dropbox account with 2FA, in that case Dropbox will provide you with a short alpha numeric code or more likely it will get you to scan a QR code so you don’t enter any typos. If you do include any typos when setting up your 2FA you won’t be notified, your codes just won’t work!

When adding a new account to the Google Authenticator, you click the plus sign and choose scan QR code or Enter Provided key. Before you add your account you should save your Key or a copy of the QR code somewhere secure to allow you to restore the account in the event you lose your phone. Just to be clear, I recommend securely storing a copy of your 2FA QR code or the key to allow you to be self-sufficient in restoring your 2FA account to Google Authenticator again in the future if you lose your phone. This is not what most people would recommend, but speaking from experience it is by far the easiest. You need to ensure your storage location is truly secure though. Most accounts come with ways to disable 2FA or they will make you answer a whole bunch of questions you will forget the answers to, unless you write them down! But by far the easiest is to securely store the key or QR code, which will allow you to set up the account again to generate 6 digit codes that are valid on any device. By secure storage I mean an encrypted usb thumb drive like here, Corsair Padlock 3 16GB Secure Flash Drive.... or on cloud storage (Dropbox, OneDrive, Google Drive etc iCloud lol), after locally encrypting with something like AxCrypt....

How do I save my QR code or Key?

If you do choose to store a copy of your 2FA QR code or the key, you should take a screenshot or generate a PDF of the page containing the info. As I mentioned this isn't generally recommended and if someone manages to get hold of your account details, including the login and password plus your 2FA QR code or key, your account is compromised, and your crypto will soon be dust.

I don't trust Google!

Don't worry, Google isn’t interested in accessing your account! Google doesn’t keep a copy of your QR code or your Key. And you do not have to provide any account details or your password to Google. If you don’t like google I’m sure you can find another free 2FA app provider, but you will have the same concerns with them I am sure! If you run into problems with your 6 digit codes continual not being recognised you may have an issue with the time on your device. If it isn't the same as your account providers time, i.e. it isn't synced correctly it will be generating the incorrect codes for the time. Make sure your devices gets its time automatically or investigate the time correction function in Google Authenticator.

Next : Identity Verification (KYC)