Two-Factor Authentication
Two-Factor Authentication (2FA) in Tonkeeper is a new way to enhance your wallet’s security by requiring additional transaction confirmation through Telegram.
With 2FA enabled, even if your seed phrase is stolen, a transaction cannot be confirmed without your approval. This gives you time to react and safely move your funds if needed.
How does it work?
In most cases, 2FA is used to protect access to centralized systems. For example, banks often use it as an extra step by sending a one-time code to confirm a transaction.
However, implementing 2FA is more challenging for a non-custodial wallet: the wallet would either need to take control of users' funds or find a unique solution that keeps full control in their hands.
We chose the latter. In Tonkeeper, when you enable 2FA, you still manage your wallet using your seed phrase, but now you must confirm transaction requests in the @tonkeeper Telegram bot. This ensures your wallet remains secure even if your seed phrase falls into the wrong hands.
Here’s what happens when you make a transaction:
- You sign the transaction in Tonkeeper as usual.
- A request is sent to TonAPI, which waits for your confirmation in the @tonkeeper bot.
- After you confirm the request in the bot, TonAPI signs the transaction.
- The transaction, signed by both you and TonAPI, is sent to the blockchain using the 2FA extension of your wallet.
- The extension verifies both signatures and processes the transaction.
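The five steps above, as a simplified off-chain model in Node.js. This is an added illustration, not Tonkeeper's or TonAPI's code; the real check runs in the wallet's 2FA extension. The Ed25519 key type, the JSON message encoding and all function names are assumptions.

```javascript
// Added illustration: off-chain model of the two-signature check (not Tonkeeper code).
const crypto = require('node:crypto');

// Constructed keys: one stands in for the seed-derived wallet key, one for the
// co-signing service (TonAPI in the article). Ed25519 is an assumption.
const userKey = crypto.generateKeyPairSync('ed25519');
const serviceKey = crypto.generateKeyPairSync('ed25519');

// Hypothetical canonical encoding of a transfer; the real message layout differs.
function encodeTransfer(tx) {
  return Buffer.from(JSON.stringify([tx.seqno, tx.to, tx.amount]));
}

// Step 1: the wallet signs with the seed-derived key.
function walletSign(tx, privateKey) {
  return crypto.sign(null, encodeTransfer(tx), privateKey);
}

// Steps 2-3: the service co-signs only after the owner approved in the bot,
// and only if the wallet signature is valid for exactly this transfer.
function serviceCoSign(tx, userSig, approvedInBot) {
  const payload = encodeTransfer(tx);
  if (!approvedInBot) return null;
  if (!crypto.verify(null, payload, userKey.publicKey, userSig)) return null;
  return crypto.sign(null, payload, serviceKey.privateKey);
}

// Steps 4-5: the extension accepts a transfer only when both signatures
// verify over the same bytes.
function extensionAccepts(tx, userSig, serviceSig) {
  if (!Buffer.isBuffer(userSig) || !Buffer.isBuffer(serviceSig)) return false;
  const payload = encodeTransfer(tx);
  return crypto.verify(null, payload, userKey.publicKey, userSig) &&
         crypto.verify(null, payload, serviceKey.publicKey, serviceSig);
}

const tx = { seqno: 7, to: 'constructed-recipient', amount: '1.5' };
const userSig = walletSign(tx, userKey.privateKey);
const approved = serviceCoSign(tx, userSig, true);
const denied = serviceCoSign(tx, userSig, false);   // owner never confirmed in the bot
const altered = { ...tx, to: 'constructed-other' }; // transfer changed after approval

console.log('confirmed transfer accepted:', extensionAccepts(tx, userSig, approved));
console.log('unconfirmed transfer accepted:', extensionAccepts(tx, userSig, denied));
console.log('altered transfer with reused co-signature accepted:',
  extensionAccepts(altered, walletSign(altered, userKey.privateKey), approved));
```

The last case shows why both signatures must cover the same bytes: a co-signature issued for one approved transfer does not validate a different transfer signed with the same seed-derived key.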
How to enable 2FA?
2FA is available only for the W5 standard wallets. To activate it:
- Go to Settings > Two-Factor Authentication.
- Tap 'Continue' and link your wallet to your Telegram account.
- Go back to your wallet and tap 'Activate 2FA'.
When 2FA is enabled, 0.15 TON will be deducted from your wallet to cover the 2FA extension’s blockchain fees. If you disable 2FA, the unused balance will be refunded to your wallet.
Are there any limitations?
- 2FA is available only on the web and desktop versions of Tonkeeper, but we're already working on adding it to the mobile app.
- The same wallet will stop working on your other devices.
- 2FA cannot be used with the Battery feature or gasless transfers.
- The multi-send feature is temporarily limited, so you can only send up to 50 transactions at once.
What if I lose access to my Telegram account?
You can link a new Telegram account to your wallet. Go to Settings > Two-Factor Authentication > Change Linked Telegram Account to do this.
Please note that you can confirm the change from your previous Telegram account. However, if you no longer have access to it, your wallet will be automatically relinked to the new account after 14 days. This is done to ensure your security.
Does 2FA support all types of transactions?
Yes, 2FA will be required for all transactions, including transfers, token swaps, and operations in dApps.