Two-factor authentication adds an additional layer of security to your account and is used on Fundy to confirm all transactions like investing, placing orders, withdrawing funds, and more.
What is two-factor authentication?
Two-factor authentication (2FA) is an electronic authentication method in which a computer user is granted access to a website or application only after successfully presenting two of evidence to an authentication mechanism: knowledge (something only the user knows) and possession (something only the user has).
2FA protects the user from an unknown person trying to access their data such as personal ID details or financial assets.
When 2FA is enabled, should someone gain access to your Fundy account they still would not be able to make any transactions on your behalf as they don’t have physical access to your mobile device to receive or generate the verification codes.
You can choose between two methods of two-factor authentication on Fundy – using SMS to receive authentication codes on your verified phone number or using an authenticator app on your phone to generate codes.
Note: You need to have a verified phone number associated with your account in order to use either two-factor authentication method.
Using SMS for two-factor authentication
On Fundy we require you to have a verified phone number associated with your account. Once you have verified your phone number, you can automatically receive two-factor authentication codes via SMS on your mobile phone to confirm transactions.
Using an app for two-factor authentication
App based two-factor authentication (2FA) uses a standardised Time-Based One-Time Password (TOTP) method for generating a regularly changing code based on a shared secret (between Fundy and your phone). Because it is a standard, many different apps can be used, the most popular being Google Authenticator, Microsoft Authenticator, Authy, Last Pass.
When you set up TOTP, our server generates a secret key – a bunch of random numbers and letters – that you save to your phone, by scanning a QR code with your authenticator app.
Now your phone and our server both have a copy of this secret key. To prove that you have the key when verifying a transaction, the authenticator app on your phone mixes this key with the current time to produce a unique access code that you need to enter to proceed. Our server does the same on the other end and if the code matches, the transaction goes through.
How to set up two-factor authentication using an app.
Download an app such as Google Authenticator, Microsoft Authenticator, Authy, Last Pass or other on your phone to generate two-factor authentication codes.
On your Settings page, find the Two-factor authentication section and click “Enable” to start setting up 2FA using an app.
- Download an authenticator app to your phone
If you have not yet done so, download an authenticator app to your mobile phone to continue.
- Open the authentication app on your phone
- Scan the QR code
Point your phone camera at the QR code on the screen to scan it. If you can not use a QR code, we also provide the option of entering a code manually.
Note: The QR code can not be scanned by other apps or the camera.
- Enter the code from the app
After scanning the QR code image, the app will display a six-digit code. Enter this code in the text field on the setup page and click “Enable”.
Once enabled, you will need to enter a one-time code generated by your authentication app of choice the next time you make a transaction on Fundy.
Learn more about staying safe online.