How to enable two-factor authentication (2FA) on Bybit?

Enable 2FA on Bybit using Google Authenticator or Authy for enhanced security—never share your secret key or recovery codes.

Aug 04, 2025 at 10:33 pm

Understanding Two-Factor Authentication (2FA) on Bybit

Two-factor authentication (2FA) is a security mechanism designed to add an extra layer of protection to your Bybit account. Without 2FA, your account relies solely on your password, which can be vulnerable to phishing, brute-force attacks, or unauthorized access. With 2FA enabled, even if someone obtains your password, they cannot log in without the second verification factor—typically a time-based code generated by an authenticator app. Bybit supports Google Authenticator and Authy as compatible apps for generating these one-time passwords (OTPs). Enabling 2FA is a critical step in securing your cryptocurrency holdings and trading activities on the platform.

Prerequisites Before Setting Up 2FA

Before you begin the 2FA setup process on Bybit, ensure you meet the following requirements:

• You must have a verified Bybit account with email and phone number confirmed.
• Download and install a compatible authenticator app such as Google Authenticator or Authy on your smartphone.
• Ensure your device has a stable internet connection.
• Have a recovery email set up on your Bybit account to receive backup codes.
• Never share your 2FA secret key or recovery codes with anyone.

It is essential to safeguard your 2FA secret key, which is provided during setup. If you lose access to your authenticator app and do not have the recovery codes, you may permanently lose access to your account. Bybit does not store your 2FA codes, so responsibility for backup lies entirely with the user.

Step-by-Step Guide to Enable 2FA on Bybit

Follow these steps carefully to enable 2FA on your Bybit account:

• Log in to your Bybit account via the official website or app.
• Click on your profile icon in the top-right corner and select "Security" from the dropdown menu.
• Under the "Two-Factor Authentication" section, click "Enable".
• Choose "Authenticator App" as your preferred 2FA method.
• Open your authenticator app (e.g., Google Authenticator) and tap "Scan QR Code".
• Use your phone’s camera to scan the QR code displayed on the Bybit screen.
• Once scanned, the app will generate a 6-digit time-based code.
• Enter the code into the field labeled "Verification Code" on Bybit.
• Click "Confirm" to complete the setup.

After successful verification, 2FA will be active. You will now be required to enter a code from your authenticator app every time you log in or perform sensitive actions such as withdrawals.

Storing Your 2FA Recovery Codes Safely

Immediately after enabling 2FA, Bybit will display a set of recovery codes. These are one-time-use codes that allow you to regain access to your account if you lose your phone or uninstall the authenticator app.

• Copy or download the recovery codes and store them in a secure offline location.
• Consider writing them on paper and storing them in a locked safe.
• Do not save them in plain text on your phone, cloud storage, or email.
• Each recovery code can only be used once.

If you lose both your authenticator device and recovery codes, you will not be able to access your account. Bybit cannot reset 2FA without these codes due to security policies. Treat your recovery codes with the same level of importance as your private keys.

Managing 2FA: Disabling or Changing Devices

There may be situations where you need to disable 2FA or transfer it to a new device. To do so:

• Log in to your Bybit account and navigate to "Security" settings.
• Under the 2FA section, click "Disable".
• You will be prompted to enter a current 6-digit code from your authenticator app.
• Input the code and confirm the action.
• Once disabled, you can re-enable 2FA using a new device.

If you are switching phones or reinstalling the authenticator app:

• Set up the new device with the same authenticator app.
• During 2FA reconfiguration on Bybit, choose "Can't scan the QR code?".
• Manually enter the secret key provided during initial setup (if saved).
• Generate a code from the new device and verify it on Bybit.

Always ensure the new device is secure before transferring 2FA. Avoid using public or shared devices for this process.

Common Issues and Troubleshooting 2FA on Bybit

Some users encounter issues during or after 2FA setup. Here are common problems and solutions:

• Clock drift in authenticator app: If your codes are not accepted, check that your phone’s date and time are set to automatic. Incorrect time settings cause code mismatches.
• QR code not scanning: Ensure your camera is clean and the QR code is fully visible. Try adjusting screen brightness or manually entering the secret key.
• Lost recovery codes: If you did not save them, you must disable and re-enable 2FA while still logged in to generate new codes.
• App not generating codes: Reinstall the authenticator app and restore from backup if supported (e.g., Authy allows cloud sync).

If none of these resolve the issue, contact Bybit support with proof of identity. However, support cannot bypass 2FA without recovery codes.

Frequently Asked Questions

Can I use multiple authenticator apps for Bybit 2FA?

Yes, you can link the same QR code or secret key to more than one app. For example, you can set up both Google Authenticator and Authy with the same account as a backup. However, both apps will generate the same time-based codes.

What should I do if I lose my phone with 2FA enabled?

Use one of your recovery codes to log in and disable 2FA. After logging in, set up 2FA again on a new device. If you do not have recovery codes, account recovery is not possible.

Does Bybit support SMS-based 2FA?

No, Bybit does not offer SMS as a 2FA method due to security vulnerabilities associated with SIM swapping attacks. Only authenticator apps are supported.

Can I change my 2FA method after setup?

You cannot switch methods directly, but you can disable the current 2FA and re-enable it using the same or a different authenticator app. The process requires entering a valid 6-digit code from the current setup.