At CoinJar security is our top priority. To enhance customer account security we provide Multi-Factor Authentication (MFA). When enabled, MFA requires that you authorise payments on at least one other device (such as your mobile phone) before a transaction can be processed. The following article describes MFA, and we have an associated knowledge base article to assist you in getting it all setup
What is Multi Factor Authentication?
Multi-factor authentication (MFA) means a website requires confirmation from more than one device before you can perform a particular action (e.g. to log in or process a transaction). Once set up correctly the system will send a code, via SMS or an authentication app (e.g. Google Authenticator), that you input into that website to authorise the transaction.
Let’s use sending bitcoin using CoinJar as an example. The first-factor authentication comes from logging in with your CoinJar username and password. The second factor is required when you go to send bitcoin or alter your account settings.
CoinJar will send a MFA code to your phone, which you will then input where requested. This tells CoinJar that the person who has requested the withdrawal also has access to your phone, thus confirming that the requester is most likely you. This helps protect your account from hackers in case they manage to gain access to your password.
This guide was previously a walkthrough of MFA activation; this information is now captured in our knowledge base. See the links below for more details.
Setting up SMS authentication
Follow the steps under the heading Setting up SMS Authentication in the knowledge base article, Keeping your CoinJar Secure with Multi Factor Authentication.
Setting up Application (TOTP) authentication
Follow the steps under the heading Setting up TOTP Authentication in the knowledge base article, Keeping your CoinJar Secure with Multi Factor Authentication.
Using MFA to send bitcoin
Follow the steps under the heading Sending Bitcoin in the knowledge base article, Sending Bitcoin.
MFA is becoming a standard across the board as hackers think of more and more complicated tricks compromise internet based accounts. Using MFA requires at least two of your devices to be compromised so it greatly reduces the chance of your account being accessed.