Most accounts we create online are accessible with a username and a password. Similarly, your Blockchain wallet has a wallet ID and a password to log in with. These are the first two credentials protecting the information (and funds) stored within, but even a long, complex password may not be enough on its own. Two-factor authentication (also known as 2FA, or Two-Step Verification) is another very important layer of security you can set up to keep your Blockchain wallet secure. 2FA is a free, user-friendly tool that should always be used whenever it is available. In this article, we will take you through 2FA basics, explain how it works and why you absolutely need it.
How it works
When you first create your Blockchain wallet, you set your own password* and receive your wallet ID (your identifier). By default, these are the only two pieces of information required to access your wallet.
Setting up 2FA adds a third credential: a unique, one-time code that is also required to log in to your wallet successfully. A new code is generated for each login attempt, so a code that has already been used (or observed by someone else) is worthless afterwards. You can get started with 2FA in the Security Center of your wallet. Options include using the Google Authenticator app to generate codes, using your Yubikey (a hardware authentication device), or receiving SMS codes to your mobile number. This article will guide you through how to configure each of these methods.
Once you have set up 2FA with your chosen method, the login process will require you to input your wallet ID, password, and then a 2FA code.
Why you need it
Even strong passwords can be compromised by a remote attacker: they can be phished, exposed when another site where you reused the password is breached, or captured by malware. However, if you have 2FA, someone who gets your password will still be prevented from gaining access to your wallet, because they will also need your 2FA code. Unlike your password, your 2FA code changes with each login attempt and is retrieved from your mobile device (or separate hardware authentication device, if you use a Yubikey). Enabling 2FA is one of the most effective protections against remote attacks, which means your wallet won't be an easy target for unauthorized access. One caveat: a 2FA code can still be phished if you type it into a fake login page in real time, so only enter codes on the wallet site you navigated to yourself, never on a page reached from a link in an email or message.
Do we recommend one 2FA method over the others?
We recommend Google Authenticator over SMS if you have a smartphone. Google Authenticator is free, and it generates a new login code every 30 seconds locally on your device, so it keeps working even without network coverage. The delivery of SMS codes, on the other hand, is entirely dependent upon the reliability of your mobile provider. During a service outage, delivery may be delayed or disabled completely, which means you may not be able to receive the codes needed to log in. There are other risks with SMS as well, including social engineering tactics used to port your number to a phone the attacker controls (often called SIM swapping). If successful, an attacker can receive your SMS codes (and any other incoming SMS messages). You can download the Google Authenticator app from the App Store for iOS or the Play Store for Android. If you prefer physical keys, we also support and recommend Yubikey, which you can get from Yubico.
*It’s important to set a strong password, the longer the better. This blog post includes a few tips on how to create a good password. Remember that we cannot recover or reset your wallet password, so store your password securely and back up your wallet with the 12-word recovery phrase. 2FA protects the login, not the funds themselves: the recovery phrase is what restores your wallet if you lose both your password and your 2FA device, so keep it offline and separate from the device that generates your codes.