What is Two-Factor Authentication?

Two-factor authentication (2FA) provides an extra layer of security by giving you a one-time password (OTP) each time you login to your account. When you set up a 2FA app on your device you will be protected even in the event of an attacker compromising your phone number.


We recommend using Google Authenticator, though you can use any app your phone accepts. When using Google Authenticator for your 2FA codes, you will still be protected even if your CoinZoom account password is stolen and your phone number is ported. The only way to generate 2FA verification codes when using Google Authenticator is by physically accessing your Google Authenticator app.


Note: 2FA replaces OTP email security measures. When you set up 2FA, you will no longer receive emails with an OTP when logging in.

How do I set up two-factor authentication?

What if I lost the device with my 2FA app?

We can help you get around the loss of your 2FA app. See this article: How to Reset Your Two-Factor Authentication (2FA).

What 2FA apps can I use?

Currently we encourage use of the Google Authenticator app, available in your app store. 

Can I move my 2FA codes to a new device?

Why is my 2FA Code Invalid?

There are several causes for a 2FA code being invalid. It will be invalid if:

  • The code has expired. Depending upon the authenticator app, you have 30 to 60 seconds to put the 6-digit code into CoinZoom. Try waiting until the code changes to give yourself enough time to put it in.

  • The authenticator app is disconnected from CoinZoom. This happens when you get a new phone or have deleted the authenticator app from your phone. In this case, you'll need our help to reset your 2FA so that you can reconnect it to your CoinZoom account. We will need a brief video and photo ID from you according to the directions in this article: How to Reset Your Two-Factor Authentication.

  • 2FA is not yet set-up and you have to re-login each time you copy the secret key. When you're setting up 2FA for the first time, you will get an invalid OTP error if you have to re-login to CoinZoom before it is set up. If you have already copied the secret key to your authenticator app, but when you return to CoinZoom, it requires you to login again, it will give a new secret key. This requires you to delete the entry in the authenticator and start over. Do not have more than one CoinZoom entry in your authenticator or else you will likely not remember which one to use. The re-login resets the secret key and produces a new one.

    To avoid having to re-login to CoinZoom, switch between the authenticator and CoinZoom. This can be done by showing all the open apps on your screen and swiping left or right until you come to CoinZoom.
    To switch between apps, show the open apps on your screen (each screen will be small) and swipe left or right to access CoinZoom.
  • The authenticator is out of sync. Google Authenticator can get out of sync and will not update the 2FA code properly. Follow the instructions in the Google Authenticator 2FA Troubleshooting article.