The best way to protect against a lost Sign-in 2FA is to set up a Master Key on a separate phone, laptop or YubiKey.
Deposit & Withdrawal 2FA and Trading 2FA do not need to be backed up as they can be easily removed when the GSL is disabled.
During authenticator app 2FA setup, you can view the setup key — which is just the QR code in text form. It is sometimes also referred to as a "backup code" or "secret seed code".
If you did not write down or copy this setup key during 2FA setup, there's no way for you (or us) to view it later. You will have to set up 2FA again.
The authenticator setup key should be treated the same way you treat a password and should not be stored digitally!
If not securely stored, the setup key can be compromised and used to gain access to your account.
- Do not share your setup key with anyone
- We will never ask for your setup key
A more secure alternative to writing down your setup key would be to set up a Master Key on a separate phone, laptop or YubiKey.
To recap:
- The 2FA authenticator setup key serves as a backup for your Sign-in 2FA codes in case you lose them (e.g. If you accidentally delete the Authenticator App). It is a static code (it does not change with each use) that should be kept safe and treated as a password. It is provided by default from your authenticator App.
- The Master Key is a particular password that allows, among other things, to bypass the Sign-in 2FA and access your account. Enabling a Master Key instead of copying the authenticator setup key is preferable because it can be changed in the event that somebody learns it. The Master Key can also be enabled as a dynamic code that changes with each use (by using an Authenticator App or Yubikey).