This article explains traditional two-factor authentication (2FA), why it doesn't work with self-custody wallets like Exodus, and how to keep your crypto safe.
What is two-factor authentication (2FA)?
Two-factor authentication (2FA) is an extra verification step for online accounts, such as entering a 2FA code, in addition to entering your login information, such as your email and password. 2FA has become standard for many financial apps because it adds an extra layer of security.
In many cases, 2FA is done with SMS authentication or with an authenticator app such as Authy or Google Authenticator, but it can be anything from a digital ID card to biometric data like a fingerprint or face scan.
Authenticator apps are one of the safest options for implementing 2FA. Once you have linked an authenticator app with a platform, the authenticator app provides 2FA codes. These codes can only be used once and are only valid for a short time. This means that it is only possible to access the account if you have the device with the authenticator app.
2FA codes sent over SMS can be less secure due to the possibility of SIM cloning or social engineering to access a mobile account. However, 2FA via SMS still provides an additional layer of security.
Why doesn't Exodus integrate with authenticator apps?
Traditional 2FA isn't available in Exodus because Exodus doesn't have access to the information needed to restore your wallet.
Imagine you live in a rented property and have managed to lock yourself out and lose the key. In this scenario, the next step would be to contact the landlord of your building. It is likely there is not much more you need to do other than prove who you are and why you should be granted access to the locked house.
The same concept applies to the online systems of banks as well as custodial crypto exchanges that maintain custody of your funds. While traditional 2FA methods can act as an effective deterrent for attackers, it is more than likely possible to get the bank or exchange to unlock your account, depending on the circumstances and the proof of ownership you possess.
With Exodus, however, there is no one to let you in. No one at the company can access your secret recovery phrase, nor can we reset anything on your behalf. You are in full control of your funds and your wallet.
To explain further, self-custody wallets, such as Exodus, provide you with a secret recovery phrase. If you lose access to your Exodus wallet, you can restore it by inputting your secret recovery phrase into a new wallet. In fact, due to the standardization of this format for transmitting private key information, you could even import your Exodus secret recovery phrase into another compatible wallet.
If an attacker accesses your secret recovery phrase or private keys, they could restore your wallet into Exodus or similar software and bypass any 2FA method altogether.
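The contrast described above, as an added example that is not Exodus code: a custodial server can check an authenticator code before granting access, while restoring a self-custody wallet is a local computation on the recovery phrase with no server that could ask for one. It assumes the authenticator app uses RFC 6238 TOTP and that the standardized recovery-phrase format the article refers to is BIP-39; the function names and sample values are constructed for illustration.

```python
import hashlib
import hmac
import struct
import unicodedata

# Constructed sample values: the RFC 6238 test secret and a published BIP-39
# test-vector phrase. Neither belongs to a real account or wallet.
TOTP_SECRET = b"12345678901234567890"
TEST_PHRASE = "abandon " * 11 + "about"


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): the short-lived code an authenticator app shows."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def custodial_login(password_ok: bool, code: str, secret: bytes, now: int) -> bool:
    """Custodial model: the server holds the funds and the shared TOTP secret,
    so it can refuse access when the second factor is wrong."""
    return password_ok and hmac.compare_digest(code, totp(secret, now))


def seed_from_phrase(phrase: str, passphrase: str = "") -> bytes:
    """Self-custody model (assumes BIP-39): the wallet seed is computed locally
    from the phrase alone. No server takes part, so there is no point at which
    a 2FA code could be demanded."""
    def norm(s: str) -> bytes:
        return unicodedata.normalize("NFKD", s).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", norm(phrase),
                               b"mnemonic" + norm(passphrase), 2048, 64)


if __name__ == "__main__":
    now = 59  # fixed timestamp so the output is reproducible
    print("code shown by app:    ", totp(TOTP_SECRET, now))
    print("login with wrong code:", custodial_login(True, "000000", TOTP_SECRET, now))
    print("login with right code:", custodial_login(True, totp(TOTP_SECRET, now), TOTP_SECRET, now))
    # Two independent "installs" restoring from the same phrase get the same seed.
    print("restores match:       ", seed_from_phrase(TEST_PHRASE) == seed_from_phrase(TEST_PHRASE))
```

Anyone holding the phrase can run the last function on any device and obtain the same seed, which is why protecting the phrase itself matters more than any login step.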
What can I do to keep my wallet safe?
With all of that said, we're always working to improve security and will continue to explore the possibility of 2FA.
For more information on security practices to keep your crypto safe, visit: How do I keep my money safe? How to store cryptocurrency safely.
Trezor
For additional security, you have the option to use a Trezor with Exodus Desktop.
With hardware wallets like Trezor, all the sensitive data that gives you control over your funds, such as your secret recovery phrase and private keys, are stored offline on the device itself.
Hardware wallets like Trezor do not disclose your secret recovery phrase or private keys to your computer, which makes hardware wallets the most secure way to store large amounts of crypto.
For an overview of how Trezor works in tandem with Exodus to keep your funds secure, we recommend reading our guide: Getting started with Exodus and Trezor
It's important to keep your Trezor's secret recovery phrase safe and store it in a secure location.
Set a strong password
To prevent anyone who gains access to your phone or computer from accessing your wallet, you should set a strong password.
You can find our full guide here: How do I set a strong password?
Keep your 12-word secret recovery phrase safe
When creating an Exodus wallet, it is crucial to back up your wallet and write down your 12-word secret phrase to ensure you always have access to your funds: How do I back up my wallet and write down my 12-word secret recovery phrase?
For best practices to keep your 12-word secret recovery phrase safe, we have compiled a comprehensive list: How do I keep my secret recovery phrase safe?