This article is intended for members in the United Kingdom. If you're looking for instructions for CoinJar Australia, visit this article.
What is Enhanced Security?
Enhanced Security — also known as two factor authentication (2FA) or multi-factor authentication (MFA) — is a security measure that helps to prevent your CoinJar from being accessed by anyone but yourself.
How does it work?
Whenever you sign in with your email address and password, you'll be asked to provide an authentication code that will be made available on one of your personal devices. This means that even if someone did obtain your sign in credentials, they wouldn't be able to sign in to your CoinJar without having access to your Enhanced Security device.
Should I use Enhanced Security (2FA)?
We urge you to use 2FA — not only for your CoinJar, but for your email address and any other services you're signed up to that support it. Combined with a password manager to keep your passwords unique across all your services, 2FA is the most effective way of protecting your personal data and digital assets.
Enhanced Security is also needed when making high risk payments from your CoinJar. Please see our Knowledge Base article on keeping your CoinJar secure for more steps you can take to keep your account, and your funds, safe.
Types of Enhanced Security
CoinJar supports authenticator apps and SMS authentication. While both offer an essential layer of protection, authenticator apps are considered more secure and more reliable.
Authenticator app (TOTP)
Time-based One-Time Password, or TOTP, is a secure and reliable way of authenticating your sign ins. With TOTP authentication, you'll be need to open your authenticator app on your mobile device to reveal a sign in code. Apps like Google Authenticator or Authy generate a new code every 30 second.
Authenticator apps have the benefit of being used anywhere you have internet connection. It's great for travelling or if SMS is unreliable in your region.
TOTP is also fully encrypted and never visible to a third party at any point. In contrast, SMS messages are not encrypted by phone providers. This means that they can be susceptible to security threats — such as port forwarding or interception.
With SMS authentication, you’ll be sent a SMS with a code to your mobile to authenticate your sign in with.
SMS delivery can be slow, and may be unreliable when travelling abroad or in areas with limited reception. SMS is also considered less secure than authenticator apps. If a third party is able to impersonate you, they can contact your mobile carrier to arrange for your SMS messages to be redirected to their own sim card/phone. Additionally, because SMS messages are unencrypted, personnel at your mobile carrier can access your SMS content.
Regardless: SMS authentication is better than no 2FA at all.
Adding Enhanced Security (2FA) to your CoinJar
- Install an authenticator app on your personal device. Popular examples include Google Authenticator or Authy.
- Navigate to the Security section of your CoinJar's 'Settings'/'More' menu, and select 'Add additional 2FA authenticator'. Choose 'TOTP'.
- You'll be shown a QR Code in your CoinJar to complete setup. Using your authenticator app and your mobile device's camera to scan this QR code.
- Finally, authenticate your sign in for the very first time. You can do this by signing into your CoinJar as usual, and opening your authenticator app and entering your 6-digit verification code when prompted.
- Navigate to the Security section of your CoinJar's 'Settings' and select 'Add additional 2FA authenticator'. Choose ‘SMS’. Enter your mobile number.
- You'll be sent a SMS to your mobile number with a reference number.
- Enter the number into your CoinJar when prompted.
- Select 'Confirm' to finish setting up SMS authentication.
How many Enhanced Security authenticators should I add?
Having at least one authenticator will greatly improve the security of your CoinJar.
A second authenticator can be added. This gives you the flexibility of choosing which authenticator you'd like to use when signing in, and ensures that you have a backup device in case your usual authentication method becomes inaccessible or lost.
However, multiple authenticators increase the number of possible access points for your CoinJar. You should always review the security of your personal devices when adding new authenticators. It's important to manage your Enhanced Security when upgrading or retiring devices.
Removing an Enhanced Security authenticator
If you still have access to at least one of your authenticators, you can sign in to your CoinJar's Settings at any time to remove an inaccessible authenticator. If you're unable to do this, CoinJar can manually remove Enhanced Security from your CoinJar. Visit our article Removing Enhanced Security from your CoinJar for more detail.