Multi Factor Authentication

At CoinJar security is our top priority.  To enhance customer account security we provide Multi-Factor Authentication (MFA). When enabled, MFA requires that you authorise payments on at least one other device (such as your mobile phone) before a transaction can be processed.  The following article describes MFA, and we have an associated knowledge base article to assist you in getting it all setup

What is Multi Factor Authentication?

Multi-factor authentication (MFA) means a website requires confirmation from more than one device before you can perform a particular action (e.g. to log in or process a transaction). Once set up correctly the system will send a code, via SMS or an authentication app (e.g. Google Authenticator), that you input into that website to authorise the transaction.

Let’s use sending bitcoin using CoinJar as an example. The first-factor authentication comes from logging in with your CoinJar username and password. The second factor is required when you go to send bitcoin or alter your account settings.

CoinJar will send a MFA code to your phone, which you will then input where requested. This tells CoinJar that the person who has requested the withdrawal also has access to your phone, thus confirming that the requester is most likely you. This helps protect your account from hackers in case they manage to gain access to your password.

This guide was previously a walkthrough of MFA activation; this information is now captured in our knowledge base.  See the links below for more details.

Setting up SMS authentication

Follow the steps under the heading Setting up SMS Authentication in the knowledge base article, Keeping your CoinJar Secure with Multi Factor Authentication.

Setting up Application (TOTP) authentication

Follow the steps under the heading Setting up TOTP Authentication in the knowledge base article, Keeping your CoinJar Secure with Multi Factor Authentication.

Using MFA to send bitcoin

Follow the steps under the heading Sending Bitcoin in the knowledge base article, Sending Bitcoin.


MFA is becoming a standard across the board as hackers think of more and more complicated tricks compromise internet based accounts. Using MFA requires at least two of your devices to be compromised so it greatly reduces the chance of your account being accessed.

If you have any questions about this article please take a look at the knowledge base and also feel free to contact our Support team.


Don’t invest unless you’re prepared to lose all the money you invest. This is a high‑risk investment and you should not expect to be protected if something goes wrong. Take 2 minutes to learn more: www.coinjar.com/uk/risk-summary.

Cryptoassets traded on CoinJar UK Limited are largely unregulated in the UK, and you are unable to access the Financial Service Compensation Scheme or the Financial Ombudsman Service. We use third party banking, safekeeping and payment providers, and the failure of any of these providers could also lead to a loss of your assets. We recommend you obtain financial advice before making a decision to use your credit card to purchase cryptoassets or to invest in cryptoassets. Capital Gains Tax may be payable on profits.​​

CoinJar’s digital currency exchange services are operated in Australia by CoinJar Australia Pty Ltd ACN 648 570 807, a registered digital currency exchange provider with AUSTRAC; and in the United Kingdom by CoinJar UK Limited (company number 8905988), registered by the Financial Conduct Authority as a Cryptoasset Exchange Provider and Custodian Wallet Provider in the United Kingdom under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, as amended (Firm Reference No. 928767).