How to secure your Bybit account with Google Authenticator?

Enable 2FA on Bybit via Security Center, scan the QR code with Google Authenticator, enter the 6-digit code, and securely store your one-time recovery codes offline.

Feb 08, 2026 at 05:20 am

Enabling Two-Factor Authentication on Bybit

1. Log in to your Bybit account via the official website or mobile application.

2. Navigate to the Security Center under the Account Settings section.

3. Locate the Google Authenticator option and click “Enable”.

4. Scan the QR code displayed on screen using the Google Authenticator app installed on your smartphone.

5. Enter the six-digit verification code generated by the app to confirm activation.

Setting Up Google Authenticator Correctly

1. Download and install Google Authenticator from the official app store for your device.

2. Ensure your device’s time is synchronized with internet time servers to prevent token mismatch.

3. Do not uninstall or reset the Authenticator app after setup unless you have securely backed up your recovery codes.

4. Avoid taking screenshots of the QR code or saving it in cloud storage.

5. Assign a clear label such as “Bybit – Main Account” inside the Authenticator app for quick identification.

Recovery Options and Backup Procedures

1. Immediately after enabling Google Authenticator, Bybit provides a set of one-time backup recovery codes.

2. Store these codes offline — on paper or in an encrypted local file — never in email or cloud notes.

3. Each recovery code can only be used once and becomes invalid after use.

4. If you lose access to both your phone and recovery codes, account recovery requires submitting verified identity documents through Bybit’s support channel.

5. Never share your recovery codes with anyone — Bybit staff will never ask for them.

Recognizing and Preventing Phishing Attempts

1. Always verify that the URL in your browser reads “https://www.bybit.com” with a valid SSL certificate.

2. Ignore unsolicited emails or messages claiming to be from Bybit asking for login credentials or 2FA codes.

3. Hover over links before clicking to check destination domains — fake sites often use lookalike URLs like “bybit-support.net”.

4. Enable anti-phishing protection in your Bybit Security Center by setting a custom phrase visible only on legitimate login pages.

5. If you enter your 2FA code on any page other than the official Bybit login, assume your account is compromised.

Managing Multiple Devices and Sessions

1. Google Authenticator does not sync across devices — installing it on a second phone requires re-scanning the QR code.

2. You may view and terminate active sessions from the Security Center to detect unauthorized logins.

3. Logging in from new devices triggers email notifications — review them regularly for anomalies.

4. Disable unused API keys, and remove whitelist addresses that are no longer needed.

5. Each Bybit account should use a dedicated Google Authenticator instance — sharing tokens across accounts increases systemic risk.

Frequently Asked Questions

Q: Can I use Authy instead of Google Authenticator?
Yes, Authy supports TOTP and works with Bybit. However, ensure cloud backups are disabled or protected with a strong passphrase.

Q: What happens if I lose my phone but still have my recovery codes?
You can disable Google Authenticator in the Security Center using those codes and set up a new authenticator instance.

Q: Does Bybit support hardware security keys like YubiKey?
In its current implementation, Bybit does not support FIDO2 or U2F security keys; it supports only TOTP-based apps and SMS fallback.

Q: Why does my Google Authenticator code change every 30 seconds?
This is standard Time-Based One-Time Password (TOTP) behavior: the code is derived from a shared secret and the current Unix time, and is recalculated every half-minute for security.
