Two-factor authentication (2FA) means a stolen password is not enough to access your account. Without 2FA, anyone with your password — from a leaked database, a phishing site, or malware on your laptop — can log in and drain your balance.
Authenticator app vs SMS vs hardware key
| Method | Security | Convenience | Recommendation |
|---|---|---|---|
| Authenticator app | High | High | Best choice for most people |
| Hardware key (YubiKey) | Highest | Medium | Best if you're a power seller |
| SMS | Low | High | Avoid — SIM-swap attacks are real |
| Email codes | Medium | Medium | Fallback only |
1. Install an authenticator app
   Google Authenticator, Authy, 1Password and Bitwarden all work. Authy and 1Password sync across devices, which means losing your phone isn't a disaster.
2. Open Profile → Settings → Security
   Click 'Set up 2FA'. Scan the QR code with your authenticator app.
3. Enter the 6-digit code to confirm
   Your app generates a new code every 30 seconds. Type the current one to prove the setup worked.
4. Save your recovery codes
   We generate 10 one-time codes. Store them in a password manager. If you lose your phone, these are the ONLY way back in — support cannot reset 2FA without them.
If you lose your 2FA device
- Use a recovery code to log in, then re-set up 2FA on your new device.
- If you also lost the recovery codes, you'll need to re-do KYC (passport or ID + selfie) and wait 72h.
- We never reset 2FA over chat or email — anyone offering that is a scammer.
