We use two-factor authentication to secure your account using an authenticator app. Some folks call this multi-factor authentication (MFA). Adding two-factor authentication to your account greatly improves its security in the event that your email account gets compromised by attackers.
How does it work?
The first time you withdraw Bitcoin to a wallet or try to wire to Swan, you’ll be prompted to set up your 2FA. If possible, please log in to your Swan account on a desktop or laptop computer so that your phone is available. You can also access the 2FA page directly here.
Use your phone to navigate to an app store. On Android devices, it’s the “Google Play Store”, and on iPhones, it’s called the “App store”. Please download “Google Authenticator” as we find it’s the easiest to use. Once the app is downloaded to your phone click, “Yes I have an Authenticator app” on your logged-in Swan account screen shown below:
Swan will then display a QR code. Open the Google Authenticator app on your phone and tap the + button in the lower bottom right corner, then tap “Scan a QR code”. Hold your phone's camera up so that it can scan the QR code shown on your computer screen. Your Authenticator app will register this unique QR code and continuously generate new 6-digit codes every 30 seconds. Confirm on the Swan website you have completed this step by entering a code. If the code changes before you enter it into the computer it will not work.
This process can also be completed on mobile only. If that is the case, you'll just have to copy-paste the verification code from the Swan site into your Google Authenticator manually. Click "Enter a setup key", instead of "Scan a QR code" on the Authenticator app after hitting +.
Once you have 2FA set up on your account, Swan will ask you for your 2FA code when you:
- add a new wallet.
- make a large withdrawal from a new IP address.
- login to your Swan account.
If you lose or change phones without transferring your 2FA codes, you can follow the instructions here to reset it.
If you have an account that requires multiple parties to access it
Some people avoid adding a two-factor login because they share an account with a spouse or others in their company. This is a dangerous practice that can easily be avoided by setting up a shared 2fa account. One way to do this is to have you and the other parties involved scan the QR code at the same time while setting up. Alternatively, you can use 1Password's 2FA sharing feature to share access with multiple parties.