The MYBlockX team offers 2-step verification or MFA (known also as two-factor authentication) in order to keep your account safe and secure. This means you'll be sent a unique code each time after setting up initial passwords on our site when logging into them with either the mobile device AND phone number associated with it.
Some events that can trigger 2-step verification
- Sign-in attempt from an unrecognized device
- Sign-in attempt from an unrecognized phone number
- Sending crypto out of your MYBlockX account
Learn how to troubleshoot 2-step verification issues
Security Key - Most secure
2-step verification is the best way to keep your information safe, especially if you have a device that sees physical access. With this method, an attacker would need both of these things in order for them to get into any of our accounts.
MYBlockX supports all WebAuthN / Fido2 standard security keys. An option for a security key is Yubico's yubikey. Learn how to use a security key by visiting our help article Using and Managing Security Keys.
Duo and Google Authenticator (TOTP) - Secure
One-time codes are a great way to generate tokens that can be used in place of traditional passwords. Simply input the current date and time on your phone, along with this special key known only by you - then after some extra math is done! You'll have access for one minute (or however long it takes) before expiring all over again.
MYBlockX shows you a QR code, which represents the secret key, which you'll then need to scan using an Authenticator app on your phone.
SMS/Text - Least secure
SMS/Text is a phone app that you can use to authenticate yourself with 2-step verification. Since SMS has been linked specifically to your number, the risk of someone porting it and doing something bad could happen because they have access through this method as well.
This type of attack involves an attacker transferring or "porting" over another person's device-- leaving them susceptible if something goes wrong during these processes where their account was taken over once again by getting control back from yours after being logged onto those devices using our original credentials