Security is one of KuCoin's top concerns. To protect your account and avoid any potential theft of your assets, KuCoin uses Google Authenticator, which adds an extra layer of security.
This article shows you the steps for Google 2-Step Verification (2FA) binding, unbinding, and some frequently asked questions.
1. Why Google 2FA
When setting up a new KuCoin account, you have to set a password to protect your account, but a password alone is not enough. To add another layer of security to your account, it is strongly recommended to bind Google Authenticator to your KuCoin account. It can help prevent unauthorized logins even when your password has been leaked.
Google Authenticator is an authenticator app by Google that implements two-step verification services using a time-based one-time password. The app offers a 6-digit dynamic code that changes every 30 seconds, and each verification code can only be used once. Once you have bound it, you will be asked to fill in the dynamic code for login, withdrawal, API creation, etc.
2. How to Bind Google 2FA
If you already have the app, let's check out how to bind it to your KuCoin account.
Step 1: Log in to your KuCoin account. Click the avatar on the upper-right corner and select Account Security in the drop-down menu.
Step 2: Find Security Settings, click Set, and then click Send Code. An email verification code will be sent to your registered e-mail address.
Step 3: Next, you will see a page below. Please record the Google Secret Key and store it in a secure place. You will need it to restore your Google 2FA if you lose your phone or accidentally delete the Google Authenticator app.
Step 4: Once you have saved the Secret Key, open the Google Authenticator app on your phone, click the "+" icon to add a new code. Click on Scan barcode to open your camera and scan the code. It will set up the Google Authenticator for KuCoin and start generating the 6-digit code.
******Below is a sample of what you will see on your phone in the Google Authenticator App******
Step 5: Lastly, enter the 6-digit code shown on your phone into the Google Verification Code box, and click on the Activate button to complete.
- Please correct the server time in the Authenticator if you have an Android device. Select "Settings – Time correction for codes."
- Some phones need to be restarted after binding. Please also turn on 24-Hour Time and Set Automatically in Settings > General > Date & Time.
- For login, trading, and withdrawal, users are required to enter the verification code.
- Please do NOT delete the Google Authenticator from your phone.
- Please enter the correct Google 2-step verification code. If you enter the wrong verification code five times, the Google 2-step verification will be locked for 2 hours.
3. Reasons for Invalid Google 2FA Code
If the Google 2FA code is invalid, ensure that you have done the following:
1. Please ensure you entered the 2FA code for the correct account if multiple accounts’ 2FAs were bound to one phone;
2. The Google 2FA code is only valid for 30 seconds, please be sure to enter it within 30 seconds;
3. Please ensure the time on the Google Authenticator App on your phone is synchronized with the time on the Google server.
How to synchronize the time on your phone (Android Only)
A. Click "Settings"
B. Click "Time Correction for Codes" – "Sync now"
If this doesn't work, please rebind Google 2-Step Verification if you saved the 16-digit Secret Key.
4. If you did not save the 16-digit Secret Key and fail to access your Google 2FA code, please kindly read Part 4 to unbind Google 2FA.
4. How to Restore/Unbind Google 2FA
If you cannot access the Google Authenticator app for any reason, please follow the guidance below to restore or unbind it.
1. If you saved your Google Secret Key, just rebind it in the Google Authenticator app and it will start generating a new code. For security reasons, please delete the previous code in your Google 2FA app once you have set a new one.
2. If you did not save the Google Secret Key, please click 2-FA unavailable? to unbind it. You will be asked to fill in the Email Verification Code and Trading Password. Next, you will be required to upload the requested ID information to verify your identity.
This may sound inconvenient, but please understand that the Google 2FA code is a very important security setting, and we will not unbind it before verifying who is submitting the request. Once we have verified your information, the Google Authenticator will be unbound in 1–3 business days.
3. If you got a new device and want to transfer Google 2FA to it, please log in to your KuCoin account to change 2FA in the account security settings. Please refer to the screenshots below for detailed steps.
- To ensure your account security, the withdrawal services on KuCoin will be temporarily locked for 24 hours after changing important security settings like unbinding Google 2FA.