Account Security
BlockchainAnalysis.io supports multiple layers of account security: two-factor authentication (TOTP), passkeys (WebAuthn), and recovery codes. All users are strongly encouraged to enable at least one additional authentication factor.
Two-Factor Authentication (2FA)
2FA adds a time-based one-time password (TOTP) as a second factor when logging in. You will need an authenticator app such as Google Authenticator, Authy, 1Password, or any TOTP-compatible app.
Enable 2FA
- Navigate to Account > Security.
- Click Enable 2FA.
- Scan the QR code with your authenticator app.
- Enter the 6-digit code from your app to confirm.
- Save the recovery codes displayed on screen.
Store your recovery codes in a secure location (password manager, printed copy in a safe). If you lose access to your authenticator app and do not have recovery codes, you will need to contact support to regain access.
How It Works
- After entering your password, you are prompted for a 6-digit TOTP code.
- Codes rotate every 30 seconds.
- The platform allows a 1-step time drift tolerance (codes from the previous and next 30-second windows are accepted).
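The check described above, written out as an added Python example; it is not the platform's code. It assumes HMAC-SHA1 (the RFC 6238 default), and the `last_used` replay guard is an addition the page does not describe; `totp`, `verify` and the sample secret (the RFC 6238 test key) are names and inputs chosen for the example.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per code, as stated on this page
DIGITS = 6   # code length, as stated on this page
DRIFT = 1    # accepted steps either side of the current one

def totp(secret: bytes, counter: int) -> str:
    """RFC 4226 HOTP computed over the RFC 6238 time counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation offset
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def verify(secret: bytes, code: str, now: float, last_used: int = -1):
    """Return the matched time step, or None if the code is rejected.

    last_used (assumption, not from the page) is the highest step already
    accepted for the account; steps at or below it are skipped so a code
    cannot be replayed while it is still inside the drift window.
    """
    current = int(now) // STEP
    matched = None
    for step in range(current - DRIFT, current + DRIFT + 1):
        if step < 0 or step <= last_used:
            continue
        # Constant-time comparison; the loop never exits early, so timing
        # does not reveal which of the three windows matched.
        if hmac.compare_digest(totp(secret, step).encode(), code.encode()):
            matched = step
    return matched

# Constructed sample input: the shared secret from the RFC 6238 test vectors.
SECRET = b"12345678901234567890"

if __name__ == "__main__":
    code = totp(SECRET, 59 // STEP)              # code issued at t = 59 s
    print("code:", code)
    print("t=59  ->", verify(SECRET, code, now=59))    # current window
    print("t=89  ->", verify(SECRET, code, now=89))    # previous window
    print("t=120 ->", verify(SECRET, code, now=120))   # outside tolerance
    print("replay ->", verify(SECRET, code, now=59, last_used=1))
```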
Passkeys (WebAuthn)
Passkeys provide phishing-resistant, passwordless authentication using the WebAuthn standard. Supported authenticators include:
- Platform authenticators — Touch ID (macOS), Windows Hello, Android biometrics
- Roaming authenticators — YubiKey, Titan Security Key, other FIDO2 hardware keys
- Cloud-synced passkeys — iCloud Keychain, Google Password Manager, 1Password
Add a Passkey
- Navigate to Account > Security > Passkeys.
- Click Add Passkey.
- Your browser will prompt you to select an authenticator.
- Complete the authenticator verification (biometric, PIN, or touch).
- Name the passkey (e.g., "MacBook Touch ID", "YubiKey Blue").
Using Passkeys to Log In
On the login page, click Sign in with Passkey. Your browser will prompt you to select and verify your registered passkey. No password or TOTP code is needed.
You can register multiple passkeys (e.g., one for your laptop, one for your phone, one hardware key as backup). If you lose one, the others still work.
Recovery Codes
Recovery codes are single-use backup codes that allow you to log in if you lose access to your 2FA device or passkey.
- 8 recovery codes are generated when you enable 2FA.
- Each code can be used once.
- You can regenerate new codes at any time from Account > Security > Recovery Codes (this invalidates all previous codes).
Using a Recovery Code
On the 2FA prompt screen, click Use a recovery code and enter one of your unused codes.
If you have used all 8 recovery codes and lose access to your authenticator, you will need to contact support with identity verification to regain account access. This process may take 24–48 hours.
Security Recommendations
| Recommendation | Priority |
|---------------|----------|
| Enable 2FA (TOTP) | Required for all accounts |
| Add at least one passkey | Strongly recommended |
| Store recovery codes securely | Required when 2FA is enabled |
| Register multiple passkeys | Recommended (redundancy) |
| Use a hardware security key | Recommended for Enterprise accounts |
| Review active sessions regularly | Recommended |
Session Management
Navigate to Account > Security > Active Sessions to view all currently logged-in sessions. You can:
- See device type, browser, IP address, and last activity for each session.
- Revoke individual sessions to force logout on that device.
- Revoke all to force logout everywhere except the current session.
Next Steps
- Quick Start — Get up and running.
- Platform Overview — Explore the dashboard.
- Privacy & Data — How your data is handled.