What is Two-Factor Authentication and how do I use it?

Two-factor authentication is a way to vastly increase your security on websites by generating a unique password every 60 seconds.

Typically, users will install the Authenticator app on their smartphone or use a yubico.com dedicated hardware key. To log into a site or service that uses two-factor authentication, they provide user name and password to the site and run the Authenticator app which produces an additional six-digit one-time password. The user provides this to the site, the site checks it for correctness and authenticates the user.

For this to work, a set-up operation has to be performed ahead of time: Vaultoro provides a shared secret key to the user over a secure channel, to be stored in the Authenticator app. This secret key will be used for all future logins to the site. It is recommended that you print out and securely store your secret key so that if you loose or break your smartphone you can regenerate the same passwords on a new phone.

With this kind of two-factor authentication, mere knowledge of username and password is not sufficient to break into a user's account. The attacker also needs knowledge of the shared secret or physical access to the device running the Authenticator app. An alternative route of attack is a man-in-the-middle attack: if the computer used for the login process is compromised by a trojan, then username, password and one-time password can be captured by the trojan, which can then initiate its own login session to the site or monitor and modify the communication between user and site. The great thing is that the Google Auth app changes the password every 60 seconds, So an attacker has to very well timed indeed. Just in case this very low probability was to happen the attacker can not steal your coins because the payout address is locked.

Before you set up two-factor authentication, you’ll need to download the application to your smartphone.

Android, iOS, BlackBerry, or with a dedicated Yubikey device.

·       https://code.google.com/p/google-authenticator/

·       http://en.wikipedia.org/wiki/Google_Authenticator

·       http://www.yubico.com/

To set up two-factor authentication on your Vaultoro account, go to Settings > Security and under Two-factor Authentication Click "setup"

Please note down your reset code on a piece of paper or as an encrypted note on your computer

If you lose your two-factor authentication device or secret key to regenerate it then you will need this code or have to go through a verification process which will include a lot of documents to prove who you really are.

Documents needed will be:

·       A high resolution scan of the passport you used to originally verify your account

·    A high resolution of a bill with the same address as used when you originally verified your account.

·    Either the last amount you deposited, withdrew or traded.

·       A picture of yourself holding your ID next to your face

Feedback and Knowledge Base