Security settings

How do I set up and use authenticator app 2FA?

Updated

Summary

Authenticator app Two-Factor Authentication (2FA) adds a second verification step to your Bitvavo login using a six-digit code that refreshes every 30 seconds. You can enable it on its own or alongside Push notification 2FA. Crypto withdrawals are only possible when Authenticator app 2FA is enabled.

Introduction

With Authenticator app 2FA, you sign in using your email address and password (first factor) and then enter a 2FA code from an authenticator app on your phone (second factor). Examples include Google Authenticator and Authy. You can keep Push notification 2FA enabled as well for quick approvals, but withdrawals require the Authenticator app 2FA.

Set up Authenticator app 2FA

Activate Two-Factor Authentication in the app

Important: Install an authenticator app first. See the download instructions below.

  1. Open the Bitvavo app and go to Security in your settings.
  2. Tap Enable 2FA.
  3. Enter your Bitvavo account password.
  4. Open your authenticator app and scan the QR code shown in Bitvavo (or enter the code manually).
  5. Copy and safely store your 2FA recovery code.
  6. Enter the six-digit 2FA code from your authenticator app to confirm.
  7. Done - Authenticator app 2FA is now enabled.

Activate Two-Factor Authentication on the website

Important: Install an authenticator app first. See the download instructions below.

  1. Log in to your Bitvavo account.
  2. Select your name in the top menu and click Security.
  3. Click Enable 2FA next to Two-Factor Authentication (2FA).
  4. Enter your Bitvavo account password.
  5. On your phone, open the authenticator app and scan the QR code (or enter the code manually).
    Google_Authenticator.png

  6. You will see a six-digit 2FA code in the app. Enter it on Bitvavo to link your device.

    Important: A 2FA recovery code will be shown — store it securely. Use it if your 2FA device becomes unavailable.
  7. Click Continue.
  8. Success — from now on you log in with your password and the six-digit code from your authenticator app. The code refreshes every 30 seconds.
Note: You can enable Authenticator app 2FA and Push notification 2FA at the same time. Crypto withdrawals require Authenticator app 2FA.

Keep your recovery code safe

During setup you receive a 2FA recovery code. This code lets you regain access to your account if you lose your 2FA device. Store it offline in a secure place. Do not share it.

Troubleshooting 2FA codes

  1. Multiple setups on one device: Make sure the code you enter belongs to your Bitvavo account and not another service.
  2. Incorrect device time: Codes rely on your phone’s time. Set your phone’s date and time to automatic and confirm the correct time zone.

If issues persist, you can reset your 2FA (see below).

Reset Authenticator app 2FA

If you cannot log in because you no longer have the phone with your authenticator app, you can reset 2FA. This removes the 2FA layer so you can log in using only your email address and password.

Use this if your phone is lost or stolen, you have a new phone, or the app was deleted.

  1. Enter your email address and password and click Reset 2FA.
  2. You’ll receive an email and an SMS on your phone number.
  3. Open the email and click the confirmation link.
  4. Enter the SMS code and click 2FA Reset. 2FA will be disabled.
Please note: Withdrawals of digital currency are blocked for 24 hours after resetting your 2FA.

If you cannot receive the SMS

If you do not have access to your phone number or you are not receiving the SMS to reset 2FA, please go through the re-verification steps at the bottom of this support article.

Please note: Withdrawals of digital currency are blocked for 24 hours after removing your 2FA.

Move Authenticator app 2FA to a new phone

Google Authenticator

  1. Log in on Bitvavo with your email, password, and a 2FA code from your old device.
  2. Go to Security and click Disable 2FA next to Two-Factor Authentication.
    Dashboard_en.png
    Deactivation_eng.png
    Turn_off_2FA_eng.png
  3. Install Google Authenticator on your new phone.
  4. Back in Bitvavo, click Enable 2FA and scan the new QR code with your new phone.
    2FA_eng.png
  5. Enter the 2FA code shown on your new phone to finish setup.
    Activation_eng.png

After these steps, your Authenticator app 2FA is active on your new device.

Authy app

  1. Install Authy on your new device.
  2. Register using the same phone number you used before.
  3. Complete Authy’s registration steps.
  4. Your Bitvavo token appears automatically after registration is complete.

Use Authenticator app 2FA on two phones

You can use Authenticator app 2FA on more than one device. In Google Authenticator, go to Transfer accountsExport accounts to generate a QR code, then scan it on your second device (Import existing account). Both phones will generate the same 2FA codes.

Tip: Test the new device before removing 2FA from your original phone to avoid lockouts.

Download an authenticator app

Google Authenticator

Install from the App Store (iOS) or Google Play (Android). Then:

  1. Tap the + button.
  2. Select Scan a QR code (or enter the code manually) and point the camera at Bitvavo’s QR.
  3. Your Bitvavo 2FA code will appear and refresh every 30 seconds.
  4. Save any restore codes offered by the app in case your device is lost.

We recommend not enabling Google Cloud sync for the Authenticator app, as it may increase risk exposure. Read more in this blog post.

Authy

Install from the App Store (iOS) or Google Play (Android). Then:

  1. Tap + Add Account.
  2. Select Scan a QR code (or enter the code manually).
  3. Choose the correct logo and name the account.
  4. Your Bitvavo 2FA code will appear and refresh every 30 seconds.
  5. Save any restore codes offered by the app.

Microsoft Authenticator

Install from the App Store (iOS) or Google Play (Android). Then:

  1. Tap the + button.
  2. Select Scan a QR code (or enter the code manually) and point the camera at Bitvavo’s QR.
  3. Your Bitvavo 2FA code will appear and refresh every 30 seconds.
  4. Save any restore or backup options offered by the app in case your device is lost.

Other options

  • LastPass Authenticator

Stay alert to phishing

If you receive an unexpected SMS about a 2FA reset including a phone number, it did not come from Bitvavo. We do not send unsolicited SMS with phone numbers to call.

Warning: Do not call the number or click any links. Delete the message and do not respond.

FAQ

Can I use Push notification 2FA and Authenticator app 2FA together?

Yes. You can enable both. For the best protection, keep both active. Only Authenticator app 2FA enables crypto withdrawals.

Why don’t my 2FA codes work?

Make sure you’re entering the code for your Bitvavo account and that your phone’s time is set automatically with the correct time zone. If you still cannot log in, reset your 2FA using the steps above.

What if my Bitvavo app is frozen after activation?

After enabling 2FA, you may need to log in again. Tap Forgot your PIN? and sign in with your email, password, and 2FA code. You can then resume using Face ID or PIN.

Can I withdraw crypto with only Push notification 2FA enabled?

No. Withdrawals of crypto are only available when Authenticator app 2FA is enabled.

Where can I learn more about account security?

See Security and How can I make my account even more secure?

Is it possible to use SMS for Two-Factor Authentication (2FA) codes?

No, it is not possible to use SMS for Two-Factor Authentication (2FA) with Bitvavo. 2FA codes can only be generated using an authentication app, such as Google Authenticator or Authy.

Still need help?

Our AI assistant Vavo can answer your questions instantly, 24/7.

Chat with Vavo

Related articles

Two-Factor Authentication (2FA) How do I set up and use authenticator app 2FA? How can I protect my Bitvavo account with push notification 2FA? Why do I need iOS 15.5 or higher to use the Bitvavo app? Why do I need Android 8 or higher to use the Bitvavo app? How do I disable crypto withdrawals? Are the digital currency on my account safe? How can I disable 2FA if I no longer have access to my phone or don't receive an SMS? Why does my two-factor authentication (2FA) not work? Bitvavo partnership with Auth0