2FA Enforcement

2FA Enforcement

Starting 12 Sep 2025 (SGT), Coinhako logins will require 2FA. This follows MAS expectations for securing online financial services and protecting customers from unauthorised access and transactions. Please enable an authenticator app to continue using all services smoothly.

What is 2FA?

2FA adds a secondary check— on top of your email + password credentials — to prove that it is really you.

You can use:

  • Authenticator app (TOTP): a 6-digit code that refreshes every ~30 seconds.
  • Hardware security key (where supported): a physical key you tap to approve sign-in.

Why we’re enforcing this: 2FA stops common attacks like credential stuffing (criminals try leaked passwords from other sites on your account) and aligns with MAS guidance for online platforms

What Changes on 12 Sep 2025

  • If you have already enabled 2FA: there are no changes

  • If you haven’t enabled 2FA: you’ll have limited access until you set it up

    Feature 2FA Disabled
    View Balance & Activities
    Sell
    Buy / Swap ❌ Blocked with 2FA setup prompt
    Subscribe to Products (e.g. Alternative Products) ❌ Blocked with 2FA setup prompt
    Deposit / Withdraw ❌ Blocked with 2FA setup prompt
    Download Account Statement ❌ Blocked with 2FA setup prompt
    Add Address / Bank Account / Cards ❌ Blocked with 2FA setup prompt

Why these are blocked: MAS expects stronger verification for higher-risk actions; requiring 2FA reduces the chance of unauthorised transactions.

How to set up 2FA

Before you begin, download an authenticator app such as Google Authenticator, Authy, or Duo on your mobile device.

On Web (Browser)

  1. Click the profile icon (top right) > select 2-Factor Authentication > toggle the button beside “2FA is disabled”.

  2. Install an authenticator app on your phone (e.g., Google Authenticator, Authy) and select Next step.

  3. Open your authenticator app and add your Coinhako token by either:

    • Scanning the QR code, or

    • Copying and pasting the key into your authenticator app.

  4. Enter the six-digit verification code from your authenticator app, then click Next step.

  5. Done - you'll use a fresh 6-digit code at login and before high-risk actions.

On Mobile (Coinhako App)

  1. Go to Hub > Profile & Settings > 2-Factor Authentication > Tap Setup 2FA.

  2. Install an authenticator app on your phone (e.g, Google Authenticator, Authy.), tap Next once your app is installed.

  3. Add your Coinhako token to the authenticator app using one fo the below method, then tap Next.

    • Scanning the QR code, or

    • Copying and pasting the key into your authenticator app.

  4. Enter the six-digit verification code from your authenticator app, then tap Complete.

  5. Done - you'll use a fresh 6-digit code at login and before high-risk actions.

When you'll be asked for 2FA

  • At login (and more often on new devices/browsers).
  • Before high-risk actions (e.g., withdraw, send, add/change bank or crypto address).

Using 2FA on Coinhako (after setup)

  1. Log in with your email + password.
  2. When prompted, open your authenticator app, find “Coinhako”, and enter the 6-digit code before it expires.
  3. For high-risk actions, you may be asked for a fresh code right before you confirm.

Resetting 2FA

⚠️ Head-up: For your safety, withdrawals are disabled for 24 hours after a 2FA reset.

You can disable 2FA in two ways:

If you still have access to your authenticator app:

  • Go to Profile icon > Account Information > 2-Factor Authentication > Toggle off 2FA is enabled.
  • Enter the six-digit code from your authenticator app, then click Confirm, then re-enable and re-link.

If you cannot access your authenticator app:

  1. Log in to Coinhako and click I want to reset 2FA when prompted.
  2. Prepare a selfie with:
    1. Your ID document or passport (the same one used for account verification).
    2. A handwritten note stating: “Coinhako Reset 2FA – [Submission date]”.
    3. Your face clearly visible in the picture.
  3. Upload the selfie under Choose File and select Request 2FA Reset.
  4. Once verified, your 2FA will be disabled.

Security tips

  1. Never share your one-time codes or password — even with someone claiming to be Coinhako staff. Read more about how to protect yourself against scams.
  2. Only enable 2FA via official Coinhako apps or website.
  3. Keep your email account secure (unique password + 2FA) since it’s used for account recovery.

Need more help?

If you have further inquiries, please contact our Support Team.

👉 Figured it out? Start Trading Now!

    • Related Articles

    • Passkeys — Faster, Safer Logins for Coinhako

      Passkeys are a safer, faster alternative to passwords. With a passkey, you can sign in using your device’s built-in authentication (Face ID, Touch ID, PIN, or security key) without needing to remember complex passwords. What is a Passkey? A passkey ...

    • Coinhako verification guidelines

      To comply with regulations and keep your account secure, all Coinhako users must complete identity verification. Here’s what to expect and how to pass smoothly. What you’ll need A mobile phone to receive an OTP (one-time password) An accepted ...

    • How to Use and Set up the Anti-Phishing Code on Coinhako

      Phishing is a common scam where attackers pretend to be someone you trust—like Coinhako—in order to steal sensitive information or take control of your account. One simple and effective way to stay safe is by setting up your Anti-Phishing Code. What ...

    • Coinhako's User Security Guide

      At Coinhako, users' tokens and funds are our foremost priority. As we continue to ramp up security measures and maintain a secure platform for all users to trade, we would like to encourage users to play a part in their personal data protection as ...

    • Unlocking Your Account

      Locked your Coinhako account by accident? Simply submit a request for our support team to unlock your account on your behalf. It's that easy! If you had received a Login Notification from an unwarranted Login attempt (not by yourself), please notify ...