Two-Factor Authentication

Last updated: 2026-01-15

Overview

Two-factor authentication (2FA) adds a critical second layer of protection to your Arkante account. When enabled, signing in requires both your password and a time-sensitive verification code generated by an authenticator application on your personal device. This significantly reduces the risk of unauthorized access, even if your password is compromised.

Given the sensitive nature of financial accounts and trading activity, we strongly recommend enabling two-factor authentication on all Arkante accounts.

Supported Authentication Methods

Arkante supports the following two-factor authentication methods:

  • Authenticator application (TOTP): Compatible with any application that supports the Time-based One-Time Password standard, including Google Authenticator, Authy, Microsoft Authenticator, and 1Password. This is the recommended method for most users.
  • Hardware security keys (WebAuthn/FIDO2): Physical security keys such as YubiKey or Titan Security Key provide the highest level of protection and are recommended for users with elevated account privileges or significant portfolio value.

SMS-based verification is not supported due to known vulnerabilities associated with SIM-swapping attacks.

Enabling Two-Factor Authentication

To enable 2FA on your Arkante account:

  1. Sign in to your account at auth.arkante.com. You will be redirected to your portal at my.arkante.com.
  2. Navigate to Settings > Security.
  3. Under the Two-Factor Authentication section, click Enable 2FA.
  4. Select your preferred authentication method.
  5. For authenticator applications:
    • Scan the displayed QR code using your authenticator application, or manually enter the provided secret key.
    • Enter the six-digit verification code generated by the application to confirm the setup.
  6. For hardware security keys:
    • Insert your security key into your device or hold it near the NFC reader.
    • Follow the on-screen prompts to register the key.
  7. Once verification is complete, you will be presented with a set of backup recovery codes. Save these codes in a secure location immediately.

Two-factor authentication will be active on your account from the next sign-in onward.

Backup Recovery Codes

During the 2FA setup process, you will receive a set of one-time-use backup recovery codes. These codes are essential for regaining access to your account if you lose your authentication device.

Important guidelines for recovery codes:

  • Store them in a secure, offline location such as a printed document in a safe or an encrypted password manager.
  • Each code can only be used once. After use, it is permanently invalidated.
  • Do not share your recovery codes with anyone, including Arkante support staff.
  • If you exhaust all recovery codes, you may generate a new set from Settings > Security > Two-Factor Authentication > Regenerate Recovery Codes. This action will invalidate all previously issued codes.

Managing Two-Factor Authentication

Once 2FA is enabled, you can manage your configuration from the Settings > Security page:

  • View registered devices: See all authenticator applications and hardware keys associated with your account.
  • Add additional methods: You may register multiple authentication methods for redundancy. For example, you can use both an authenticator application and a hardware security key.
  • Remove a method: Click the Remove button next to any registered method. Note that you must retain at least one active method while 2FA is enabled.
  • Disable 2FA entirely: Click Disable Two-Factor Authentication and confirm with your current verification code. Please be aware that disabling 2FA reduces your account security and is not recommended.

Troubleshooting

If you experience issues with two-factor authentication, consider the following:

  • Verification code is not accepted: Ensure the time on your authentication device is synchronized correctly. TOTP codes are time-sensitive and will fail if your device clock is inaccurate by more than 30 seconds. On most devices, enabling automatic time synchronization resolves this issue.
  • Lost access to your authenticator application: Use one of your backup recovery codes to sign in, then set up a new authenticator application from the security settings.
  • Lost hardware security key: Sign in using an alternative registered method or a backup recovery code, then remove the lost key and register a replacement.
  • No backup recovery codes available: Contact our support team at support@arkante.com for assistance. You will be required to complete an identity verification process, which may take up to 48 hours.
  • 2FA prompt not appearing during sign-in: Clear your browser cache and cookies, then attempt to sign in again. If the issue persists, try using a different browser or device.

For additional assistance, please contact our support team through the Contact Us page.

Was this article helpful?

Related Articles

How to Change Your Password

Step-by-step instructions for changing your Arkante account password, including requirements and troubleshooting guidance.