Enabling Enhanced Security - otherwise known as Two Factor Authentication (2FA) or Multi-Factor Authentication - alongside your strong and unique password, is the best way to keep your CoinJar secure. Once you’ve set it up, you will be prompted to authenticate using your mobile device whenever you access your CoinJar. This way, even if someone were to gain access to your sign in details, they would be unable to access your CoinJar without first authenticating using your selected security device. 

Please also refer to our Knowledge Base article on keeping your CoinJar secure to minimise the risks of your CoinJar falling into the wrong hands. 

Types of Enhanced Security

There are two types of Enhanced Security to choose from:

• SMS authentication
• TOTP authentication

With SMS Authentication, you’ll be sent a SMS to your device whenever CoinJar requires authentication. Enter this code into CoinJar and you’re good to go.  SMS delivery can be slow and may be unreliable when travelling abroad, so consider TOTP if you're headed overseas. In terms of security, SMS messages can be considered susceptible to multiple types of security threats when compared to TOTP. Unauthorised number porting can occur in extreme situations, phone numbers can be cloned entirely, and cell-phone maintenance personnel do have access to unencrypted SMS messages.

TOTP stands for Time-based One-Time Password and can be used on your mobile device with apps such as Google Authenticator and Authy. These dedicated apps generate a brand new authentication code every 30 seconds. When CoinJar requires authentication, you simply access your TOTP app and enter the current code displayed. This can be completed anywhere you have an internet connection, so it's great for travelling or if SMS is unreliable for any reason. They're also fully encrypted, and not visible to any third party at any stage. 

Setting up SMS Authentication

1. After signing in to your CoinJar, select "Settings" from the left hand menu.
2. Navigate to the Enhanced Security section and select 'Add new device'.
3. Select 'Configure SMS', enter your mobile number, and choose a name for your device.
4. Select 'Confirm device'. You'll be sent a SMS to your mobile number with an attached reference number.
5. Enter the number into the CoinJar website and select 'Complete setup' to add this as your Enhanced Security device.

Setting up TOTP Authentication

1. After signing in to your CoinJar, select "Settings" from the left hand menu.
2. Navigate to the Enhanced Security section and select 'Add new device'.
3. Choose 'Configure authenticator app' and choose a name for your device.
4. Select 'Confirm device'. You'll now be provided with a QR Code on your display, which you can scan into your TOTP app. You can use apps such as Google Authenticator and Authy to complete this step. 
5. After scanning the QR Code, your Authenticator app will then provide you with a 6-digit verification code.
6. Enter that into the CoinJar website and select 'Complete setup'to add this as your Enhanced Security device.

Primary and Secondary Devices

You may choose to set up two security devices - one primary and one secondary. We strongly encourage you to set up at least a primary device.

Primary devices protect your CoinJar from intruders who may have been able to access your correct sign in details. Each time you sign in to your CoinJar, you'll be prompted to authenticate using your primary device.

For convenience sake, when signing in from a trusted device, you can select "remember this device for 30 days" so that you don't need to complete authentication each time you wish to access your CoinJar on that device.

A secondary device, if enabled, will be required when you attempt to alter your Enhanced Security settings or make large transfers from your CoinJar. You will typically be prompted when attempting to make a new payment exceeding approximately $5,000. This is an added layer of security to protect you against the unlikely event of someone having access to your correct sign in details and your primary device. 

Removing Enhanced Security

Please refer to our dedicated Knowledge Base article for further instructions on how to remove an Enhanced Security device from your CoinJar.

Updated: 24 Dec 2018 (AS)
Reviewed: 24 Dec 2018 (AS)