lockkeypng.png

Two-factor authentication (2FA), also known as two-step verification, is a layer of security next to your username and password. If you have enabled 2FA for your Bitvavo account, you must first enter your username and password (first factor) and then an additional 2FA code (second factor). The 2FA code is associated with a specific device, such as your phone.

Tip: Because 2FA is almost always active on a mobile phone it works the most conveniently to enable, disable or reset it working on a laptop/pc. Login via our website and follow the below steps. 

How do I activate 2FA? 

Activate Two-Factor Authentication:

Important: Before setting up your 2FA, you need to download an app to do so. Check at the bottom of this article how to download Google Authenticator, Authy or other options. 
  1. Login to your Bitvavo account.

  2. Click on 'security' at the top-middle of your screen. 

  3. Select 'Security Settings'. Then press the 'Enable' button to the right of 'Two-Factor Authentication (2FA)'.
  4. Enter your password.
  5. Download an Authenticator app on your mobile device. You can find how to download an Authenticator at the bottom of this page.
    Google_Authenticator.png
  6. Open the authenticator app and scan the QR code. Once you have scanned the QR code, the authenticator app on your mobile phone is linked to your Bitvavo account. You will now see a six-digit code in the app, this is your 2FA code. You can enter this 2FA code in the 'Two-Factor (2FA) code' field.

    Important: You will also be presented with a recovery code. Save the recovery codes in case your 2FA device becomes unavailable.

    Click 'Confirm' to continue.

  7. Success! You have successfully enabled 2FA.

    From now on, when logging in, you must enter both your password and the code that you see in your authenticator app. This code is refreshed every 30 seconds. Always use the most recently generated code to log in.

Why is my Bitvavo-app frozen after the 2FA activation? 

Once you have successfully activated your 2FA, you will need to log in to your Bitvavo-app again. You can do this by clicking on 'Forgot PIN' and logging in with your login details and 2FA code. This is a one-time process, after that, you can log in again using your FaceID or PIN.  

Where can I find more information on the security/safety of my Bitvavo account? 

More information about the security measures taken by Bitvavo to keep your account as secure as possible, and which steps you can take yourself can be found on the following pages:

Why does my two-factor authentication (2FA) not work? 

If your 2FA code does not function properly, it might be the result of one of the following causes:

  1. You have set up 2FA multiple times on the same device.
    Check whether the code you entered on Bitvavo belongs to your account or to a different service.

  2. The time on your device is incorrect.
    This might lead to codes that are not in sync. In order to solve this, you will have to ensure that the time on your device is set to automatic (as opposed to manual), and has set to the correct timezone.

If the problem can not be solved by one of the solutions mentioned above, you can always reset your 2FA.

Resetting two-factor authentication (2FA) 

If you're not able to log in because you no longer have the mobile phone on which your 2FA code (authenticator) is installed, you can reset 2FA. This step removes your 2FA security layer from your Bitvavo account. This allows you to log in with just your email address and password. For example, in the following situations:

  • Your phone has been stolen/lost;
  • You have a new phone;
  • The authentication app has been (accidentally) deleted.
Reset 2FA is only possible if you still have access to the phone number associated with your Bitvavo account. If you wish to have your 2FA removed, please read further at the bottom of the article. 

Use the following link to reset your 2FA: Reset 2FA. You will then need to follow the steps below:

  1. Enter your username and password and click 'Disable 2FA'.

  2. You will then receive an email and SMS message on your phone.
  3. Open the email and confirm resetting your 2FA by clicking on the confirmation link.

  4. Finally, enter the code you received by SMS. After clicking 'Restore 2FA', 2FA is disabled.

Please note: that withdrawals from your digital currency will be blocked for 24 hours after resetting your 2FA.

Have your 2FA removed by support 

If resetting your 2FA code does not work because you have a different phone number, for example, please email us at support@bitvavo.com with this request. 

We ask for a re-identify to verify that this application actually comes from you. We recommend re-enabling it as soon as possible after removing your 2FA. 

Please note: Withdrawals from your digital currency will be blocked for 24 hours after removing your 2FA.

How can I move my two-factor authentication (2FA) to a new phone? 

If you have enabled two-factor authentication and you would like to move this to your new phone, you can follow these steps:

Google Authenticator

If you are using the Google Authenticator app, follow the steps below:

  1. Login to your Bitvavo account with your username, password and 2FA code from your old device.

  2. Navigate to 'Security'.

    Dashboard_en.png

  3. Go to the header 'Security settings'.

  4. Click the 'Disable' button, next to 'Two-Factor authentication'.

    Deactivation_eng.png

  5. Enter your password and the 2FA code from your old phone.

    Turn_off_2FA_eng.png

  6. Download the Google Authenticator app on your new phone.



  7. Go to your Bitvavo account and press the button 'Enable' next to 'Two-Factor authentication'.

    2FA_eng.png

  8. Open the Google Authenticator app and scan the QR code.

  9. Enter the code displayed on your new phone.

    Activation_eng.png

After completing these steps, 2FA has been successfully moved to your new device.

Authy App

If you use the Authy app, follow the steps below:

  1. Download the Authy-app on your new device.

  2. Register the same phone number in the Authy-app on your new phone.

  3. Follow the steps to complete registration.

  4. A Bitvavo-token will appear automatically once you have completed registration.

After completing these steps, 2FA has been successfully moved to your new device.

How do I download an authenticator app? 

How do I download the Google Authenticator app?

Install the Google Authenticator app from the App store (for iPhones) or the Play Store (for Android phones). After installation, open the app and follow the steps below:

  1. Click on the red circle with a plus sign in the middle, at the bottom of your screen.

  2. Subsequently click on 'scan a barcode', after which the camera will activate, and point the camera at the QR code. You could also click on 'Enter code manually' and enter the code like that.

  3. Afterwards, the 2FA of Bitvavo will be displayed, which changes every 30 seconds.

  4. Print/save the restore code to use in case your 2FA device gets lost.

We advise you to not enable the Google Cloud sync for the Authenticator app, as this could pose a security risk for your account. Read more about this security risk in this blog post. 

How do I download the Authy app?

Install the Authy app from the App Store (for iPhones) or the Play Store (for Android phones). After installation and follow these steps:

  1. Open the app and click on '+ Add Account' at the bottom of your screen.

  2. After that click on 'scan a barcode', after which the camera will activate, and point the camera at the QR code. You could also click on 'Enter code manually' and enter the code like that.

  3. Pick a logo that belongs to the website and give the account a name to remember it by.

  4. Afterwards, the 2FA of Bitvavo will be displayed which changes every 30 seconds.

  5. Print/save the restore codes in case your 2FA device gets lost.

I would rather not use the Google Authenticator or Authy app. Which other options do I have?

Here are some alternatives if you prefer not to use the Google Authenticator or Authy app:

  • LastPass Authenticator.

  • Microsoft Authenticator.

  • Yubico Authenticator.