Two-Factor Authentication (2FA)
Learn how to use Mixin Messenger's built-in two-factor authentication to protect your account and asset security.
What is Two-Factor Authentication
Two-Factor Authentication (2FA) is a security mechanism that provides an additional layer of protection for your account.
Authentication Factors
First Factor: Something You Know
- PIN code
- Password
- Mnemonic phrase
Second Factor: Something You Have
- Mobile device
- Biometrics
- 2FA verification code
Mixin's 2FA Features
| Feature | Description |
|---|---|
| Built-in 2FA | No third-party app needed |
| Decentralized | Based on MPC technology |
| Every Transaction | Transfers must be verified |
| Biometrics | Supports fingerprint/face |
| Backup Recovery | Multiple recovery methods |
| Open-Source Transparency | Code auditable |
Set Up Two-Factor Authentication
During Account Creation
Automatically Enabled:
Generate Mnemonic Phrase
- Generate 12 words when creating account
- Mnemonic phrase is first line of defense
- Secure backup is crucial
Set PIN Code
- Create 6-digit PIN
- For daily verification
- Is second line of defense
Biometrics (Optional)
- Set up fingerprint/face recognition
- Quick and secure
- Enhances user experience
Enable Biometrics
Setup Steps:
- Go to "Settings" → "Security"
- Select "Biometric Authentication"
- Enter PIN code to verify
- Record fingerprint or face
- Test verification
- Complete setup
Supported Biometrics:
- 📱 Face ID (iOS)
- 📱 Touch ID (iOS)
- 🤖 Fingerprint (Android)
- 🤖 Face Recognition (Android)
PIN Code Management
Set Secure PIN:
✅ Recommended Practices:
- Use random number combinations
- Avoid birthdays, phone numbers
- Don't reuse a PIN from other apps
- Change regularly
❌ Avoid:
- Simple combinations such as 123456 or 000000
- Repeated digits (like 111111)
- Sequential numbers (like 123456)
- Numbers related to personal information
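The recommendations above can be turned into a check. This is an added example, not part of Mixin's documentation or code; the function names (`looks_like_date`, `pin_weaknesses`, `generate_pin`) are hypothetical and the phone number is a constructed sample value.

```python
import secrets

def looks_like_date(pin):
    """Heuristic: do the digit pairs read as DDMMYY, MMDDYY or YYMMDD?"""
    a, b, c = int(pin[0:2]), int(pin[2:4]), int(pin[4:6])
    return any(1 <= day <= 31 and 1 <= month <= 12
               for day, month in ((a, b), (b, a), (c, b)))

def pin_weaknesses(pin, personal_numbers=()):
    """Return the reasons a candidate PIN is weak; an empty list means none found."""
    if len(pin) != 6 or not (pin.isascii() and pin.isdigit()):
        return ["must be exactly 6 digits"]
    reasons = []
    # 111111, 121212, 123123: one block of 1-3 digits repeated.
    if any(pin == pin[:k] * (6 // k) for k in (1, 2, 3)):
        reasons.append("repeated digits or pattern")
    # 123456, 654321, 890123: every step is +1 or -1 (mod 10).
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    if steps in ({1}, {9}):
        reasons.append("sequential digits")
    if looks_like_date(pin):
        reasons.append("looks like a date")
    # Phone numbers, ID numbers, etc. supplied by the user, compared digits-only.
    for number in personal_numbers:
        if pin in "".join(ch for ch in number if ch.isdigit()):
            reasons.append("part of a personal number")
            break
    return reasons

def generate_pin():
    """Draw PINs from the OS CSPRNG until one passes every check above."""
    while True:
        pin = f"{secrets.randbelow(10**6):06d}"
        if not pin_weaknesses(pin):
            return pin

if __name__ == "__main__":
    phone = "+1 202 555 0142"   # constructed sample value
    for candidate in ("123456", "000000", "150890", "555014", "830472"):
        print(candidate, pin_weaknesses(candidate, [phone]) or "no weakness found")
    print("generated:", generate_pin())
```

The date check is deliberately broad, so it also rejects some random-looking PINs; that costs little and removes birthday-style guesses.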
Change PIN Code:
- Settings → Security → Change PIN
- Enter current PIN
- Enter new PIN (6 digits)
- Confirm new PIN
- Complete change
Forgot PIN Code:
- Recover account using mnemonic phrase
- Reset new PIN
- Assets not affected
- See Wallet Recovery
2FA Usage Scenarios
Asset Transfers
Each Transfer Requires:
Enter PIN Code
- Confirm transfer amount
- Enter 6-digit PIN
- Or use biometrics
- Must verify to send
MPC Signing
- Runs automatically in the background
- Multi-party computation verification
- Decentralized protection
- No extra operation needed
Transfer Process:
Initiate transfer
↓
Enter amount and address
↓
Confirm transaction info
↓
PIN code verification (2FA)
↓
Biometric verification (optional)
↓
MPC multi-signature confirmation
↓
Transaction sent
↓
Blockchain confirmation
Sensitive Operations
Operations Requiring 2FA:
Account Settings
- Export mnemonic phrase
- Change PIN code
- Set social recovery
- Delete account
Asset Management
- Withdraw to external address
- Add new address
- Large transfers
- Wallet settings
Security Settings
- Modify security settings
- View private keys
- Log out all devices
- Reset 2FA
Login Verification
New Device Login:
- Enter mnemonic phrase
- Set new PIN code
- Optionally enable biometrics
- Verify account access
Multi-Device Management:
- Each device has its own independent PIN
- Biometrics are set up separately on each device
- Verification on one device doesn't affect the others
- Can remotely log out devices
Advanced Security Features
TIP (Transaction in PIN)
What is TIP:
- Mixin's innovative 2FA solution
- Decentralized authentication based on MPC
- PIN is transaction password
- No extra authenticator needed
TIP Advantages:
- Decentralized, no single point of failure
- No dependency on third parties
- Deeply integrated with transactions
- Higher security
Technical Principle:
User PIN
↓
Local encryption processing
↓
Generate key shards
↓
Distributed MPC nodes
↓
Multi-party computation verification
↓
Reach consensus
↓
Authorize transaction
Multi-Signature
MPC Multi-Signature Mechanism:
Key Sharding
- Private key split into multiple fragments
- Distributed across different nodes
- Single fragment cannot be used
- Need majority fragments to sign
Signing Process
- Initiate transaction request
- Each node calculates independently
- Key fragments are not leaked
- Compose final signature
Security Guarantee
- Failure of some nodes doesn't affect operation
- Prevent single point attacks
- Decentralized architecture
- Military-grade security
Time Lock
Delayed Withdrawal:
Set Time Lock
- Settings → Security → Time Lock
- Select delay time (1-24 hours)
- Large withdrawals auto-delayed
- Can cancel in emergency
How It Works
- Enter waiting period after initiating withdrawal
- Can cancel during waiting period
- Auto execute when time expires
- Prevent theft attacks
Use Cases
- Large asset protection
- Prevent immediate transfer after phone stolen
- Leaves time to react
- Add security buffer
Account Protection
Mnemonic Phrase Security
Best Practices:
Physical Backup
- Write by hand on paper
- Use metal plates
- Multiple backups
- Store in different locations
Storage Locations
- Home safe
- Bank safe deposit box
- With trusted family
- Professional storage service
Strict Confidentiality
- Don't photograph
- Don't screenshot
- Don't store in the cloud
- Don't send to anyone
❌ Never:
- Store on computer/phone
- Send to others
- Store online
- Share with others
- Enter on phishing sites
Device Security
Lock Screen Protection:
Set Device Password
- Strong password or biometrics
- Auto lock screen
- Set lock time
- Failed-attempt limits
App Lock
- Mixin app lock
- Extra protection layer
- Verify to open app
- Set timeout
Remote Protection:
- Enable "Find My Device"
- Can remotely lock
- Can remotely wipe
- Prevent data leaks
Network Security
Secure Connection:
Avoid Public Wi-Fi
- Don't transfer on public Wi-Fi
- Use cellular data
- Or use VPN
- Prevent man-in-the-middle attacks
Check Network
- Confirm HTTPS connection
- Verify certificate
- Watch for phishing sites
- Use official apps
Social Recovery
Set Up Social Recovery
As 2FA Backup:
Choose Recovery Contacts
- Select 3-5 trusted friends
- They are your backup
- Can recover if PIN lost
- Distributed security mechanism
Recovery Process
- Initiate recovery request
- Contact recovery contacts
- Majority agree
- Reset PIN and 2FA
See detailed info: Social Recovery Guide
Recovery Contact Responsibilities
As Recovery Contact:
Duties
- Safely store key shard
- Verify recovery requests
- Confirm identity
- Respond promptly
Considerations
- Confirm through other means
- Don't agree too readily
- Keep Mixin active
- Inform others of changes
Security Checklist
Daily Checks
Weekly Check:
- ✅ Check logged-in device list
- ✅ Review recent transactions
- ✅ Confirm social recovery contacts
- ✅ Test biometric function
Monthly Check:
- ✅ Update app to latest version
- ✅ Check security settings
- ✅ Review account activity
- ✅ Verify backup integrity
Quarterly Check:
- ✅ Change PIN code
- ✅ Test recovery process
- ✅ Update recovery contacts
- ✅ Check mnemonic phrase backup
Security Score
Self-Assessment:
Basic Security (Must)
- ✅ Backup mnemonic phrase
- ✅ Set strong PIN
- ✅ Enable biometrics
- ✅ Device password protection
Advanced Security (Recommended)
- ✅ Set social recovery
- ✅ Enable time lock
- ✅ Regularly change PIN
- ✅ Multiple mnemonic backups
Expert Security (Optional)
- ✅ Use hardware wallet
- ✅ Cold storage large amounts
- ✅ Professional mnemonic storage
- ✅ Regular security audits
Emergency Response
Device Lost
Immediate Actions:
Login on New Device
- Recover using mnemonic phrase
- Immediately change PIN
- Check transaction records
- Check for abnormal activity
Remote Protection
- Log out all devices
- Modify important settings
- Transfer assets if needed
- Notify contacts
PIN Code Leaked
If PIN Suspected Leaked:
Immediately Change
- Settings → Change PIN
- Use completely new combination
- Enable time lock
- Monitor account activity
Extra Measures
- Check transaction history
- Review device list
- Strengthen other security
- Transfer assets if necessary
Mnemonic Phrase Leaked
Highly Dangerous, Immediate Action:
Create New Account
- Immediately create new account
- Generate new mnemonic phrase
- Set new PIN
Transfer Assets
- Transfer all assets ASAP
- Prioritize large amounts
- Notify contacts
- Update wallet addresses
Best Practices
Security Recommendations
Basic Principles:
Never Share
- Mnemonic phrase
- PIN code
- Private keys
- Verification codes
Stay Vigilant
- Identify phishing attacks
- Verify website authenticity
- Don't click suspicious links
- Don't install suspicious apps
Regular Maintenance
- Update apps
- Check settings
- Backup data
- Test recovery
Transaction Security
Pre-Transfer Checklist:
Carefully Verify
- Receiving address
- Transfer amount
- Token type
- Network/chain
Small Amount Test
- Before a large transfer, send a small test amount first
- Confirm arrival
- Then transfer large amount
- Avoid losses
Double Confirm
- Check address multiple times
- Confirm recipient
- Check notes
- Operate carefully
Common Questions
Does 2FA make it harder to use?
No:
- Biometrics very convenient
- PIN quick to enter
- Only needed at critical times
- Worth the security
What if I forget PIN?
Two ways:
- Recover using mnemonic phrase
- Through social recovery
- Reset PIN
- Assets won't be lost
Are biometrics secure?
Very secure:
- Stored locally
- Not uploaded
- Hardware encryption
- Cannot copy
Can I disable 2FA?
No:
- 2FA is mandatory
- Protects asset security
- Cannot disable
- But can choose verification method
How does multi-device 2FA work?
Independent setup:
- Each device has its own independent PIN
- Biometrics are set up separately on each device
- Verification on one device doesn't affect the others
- Flexible and convenient
Is social recovery secure?
Very secure:
- Needs multiple people to agree
- Has time delay
- Can refuse anytime
- Distributed protection
Will time lock affect normal use?
No:
- Only affects large withdrawals
- Normal transfers unaffected
- Can customize threshold
- Can cancel in emergency
Technical Details
MPC Technology
Multi-Party Computation Principle:
Key Sharding
├─ Node 1 (33% key)
├─ Node 2 (33% key)
└─ Node 3 (33% key)
Signing Process:
1. User initiates transaction
2. PIN verification
3. Each node calculates independently
4. Key fragments are never exposed
5. Compose complete signature
6. Transaction authorized
Security Advantages:
- No single point of failure
- Key never aggregated
- Distributed security
- Quantum resistance
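The sharding and signing steps above, as an added example that is not Mixin's code or protocol: a toy 2-of-3 threshold signature in which each node signs with its own shard and the partial results are combined without the key ever being rebuilt. The group parameters (`P`, `Q`, `G`), the hash-to-group construction and all function names are assumptions chosen for illustration and are far too small and simple for real use.

```python
import hashlib
import secrets

# Toy parameters (assumption, far too small for real use): safe prime P = 2Q + 1.
P, Q, G = 2039, 1019, 4   # G generates the order-Q subgroup of squares mod P
THRESHOLD, NODES = 2, 3   # any 2 of the 3 nodes can sign

def split_key(secret):
    """Shamir-split `secret` into NODES shards using a random degree-1 polynomial."""
    slope = 1 + secrets.randbelow(Q - 1)   # non-zero, so no shard equals the key
    return {x: (secret + slope * x) % Q for x in range(1, NODES + 1)}

def hash_to_group(message):
    """Map a message to a non-identity element of the subgroup (toy construction)."""
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(G, 1 + digest % (Q - 1), P)

def partial_sign(shard, message):
    """Run by one node: uses only its own shard and never sends it anywhere."""
    return pow(hash_to_group(message), shard, P)

def lagrange_at_zero(i, ids):
    """Lagrange coefficient for node i when interpolating at x = 0, modulo Q."""
    num = den = 1
    for j in ids:
        if j != i:
            num = num * j % Q
            den = den * (j - i) % Q
    return num * pow(den, -1, Q) % Q

def combine(partials):
    """Combine partial signatures {node_id: sig} in the exponent; no key is rebuilt."""
    sig = 1
    for i, part in partials.items():
        sig = sig * pow(part, lagrange_at_zero(i, partials), P) % P
    return sig

def demo():
    key = 1 + secrets.randbelow(Q - 1)
    shards = split_key(key)
    msg = b"transfer 1.5 BTC to constructed-address"   # constructed sample input
    expected = pow(hash_to_group(msg), key, P)   # what the whole key would produce
    results = {}
    for ids in [(1, 2), (1, 3), (2, 3), (1,)]:
        sig = combine({i: partial_sign(shards[i], msg) for i in ids})
        results[ids] = (sig == expected)
    return results

if __name__ == "__main__":
    for ids, ok in demo().items():
        print(f"nodes {ids}: signature valid = {ok}")
```

Any two nodes produce the same signature the full key would, so one node can be offline, while a single node's output never matches.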
TIP Protocol
Transaction in PIN:
- Decentralized 2FA
- PIN is key
- MPC implementation
- No third-party authenticator needed
Comparison with Traditional 2FA:
| Feature | TIP | Traditional 2FA |
|---|---|---|
| Decentralized | ✅ | ❌ |
| No Single Point Failure | ✅ | ❌ |
| Deep Integration | ✅ | 🔸 |
| User Experience | ✅ | 🔸 |
| Security | Highest | High |
Related Resources
- Create Account - Learn about mnemonic and PIN
- Wallet Recovery - Recover account access
- Social Recovery - Set up social recovery
- Privacy Protection - Comprehensive security guide
- MPC Wallet - Learn MPC technology