Two-factor Authentication

Two-factor authentication (“2FA”) improves the security of an account by making it less likely that another person can log in as you.

Practically, it means storing a secret code inside an authenticator (usually on your mobile phone) and entering a code generated by the authenticator when you log in.

This means an attacker needs both to have guessed (or found) your password and to have access to (or have stolen) your authenticator, which is much more difficult than obtaining just a password.


Requirements

(Note: These lists are just examples; they are not endorsements of any specific software.)

If you don’t already have one, you will need to choose an authenticator.

Phone-based authenticators are the easiest and most common, so we will assume you’ll pick one and install it on your phone. Examples include Authy, FreeOTP, Google Authenticator, LastPass Authenticator, Microsoft Authenticator, …

Password managers also commonly include 2FA support, e.g. 1Password, Bitwarden, …

For the sake of demonstration we will be using Google Authenticator (not because it is any better than any others, but simply because it is quite common).


Setting up two-factor authentication

Once you have chosen your authenticator, open your MXTB App and log in with the account that you want to set up 2FA on.

Click the "My Account" button:

Click "Edit Security Settings" (located under the heading "My Account Security").

Click the "Enable two-factor authentication" button:



Because this is a security-sensitive action, you will need to input your password:


You will then see this screen (or similar) with a code:


In most authenticator applications, you can simply scan the QR code with the authenticator of your choice, and the authenticator will then take care of all the setup:

 

If you cannot scan the QR code on screen, you can click the provided link, or copy the secret to set up your authenticator manually:




Once this is done, the authenticator should display a verification code with some information identifying the associated account (e.g. the login account which the code is for).


Now input the code into the "Verification Code" field in the MXTB App.

Click the "Activate" button.


Congratulations, your account is now protected by two-factor authentication!



Logging in

(If you are still logged in, log out first.)

On the login page, input the username and password for the account on which you set up 2FA, and log in as normal.
Instead of immediately accessing MXTB, you will now get a second log-in screen asking for a 2FA authentication code:



Open your authenticator, retrieve and input the code it provides for the account.

Complete validation of the code, and you’re now logged in.


And that’s it. From now on, unless you disable 2FA, you will have a two-step log-in process rather than the old one-step process.


Warning

Don’t lose your authenticator!
If you do, you will need to contact MXTB Support to disable 2FA on the account.