What is Two-Factor Authentication (2FA) and why is it mandatory?
2FA, or Two-Factor Authentication, is a method of securing your account by requiring two different factors to verify a client's identity. Instead of relying solely on a password (a single component), 2FA adds an extra layer of security.
Starting July 22, 2025, we began the process of automatically enabling two-factor authentication for all existing clients. 2FA is mandatory and cannot be disabled. The only available option is to change your authentication method to a different one.
Within XTB, two authentication methods are available:
SMS Code – sent to the Client's phone number.
Time-Based One-Time Password (TOTP) – This method involves generating one-time codes in authenticator apps (e.g., Google Authenticator, Microsoft Authenticator, Apple Passwords). Its main advantages are a higher level of security (the solution does not depend on a mobile network) as well as speed and convenience of use.
How to enable or change the 2FA method in the mobile app and on the web platform?
In the mobile app:
Click on the profile icon in the top-left corner -> Security -> Two-Factor Authentication:
Select your preferred method:
SMS – enter your phone number and confirm the operation with the code sent via SMS.
TOTP – install an authenticator app (e.g., Google Authenticator or Microsoft Authenticator), then copy and paste the key into the app or scan the displayed QR code. The generated 6-digit code will be used to gain access to your account.
On the web platform:
Click on the three lines in the top-right corner -> Settings -> Two-Factor Authentication.
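How the key from the TOTP setup step becomes a 6-digit code without any network connection, shown as an added example (not XTB's code). It assumes the RFC 6238 defaults common to authenticator apps (HMAC-SHA-1, 30-second steps), which this page does not state; the sample key is constructed, and the `verify` function with its drift window is illustrative.

```python
import base64
import hashlib
import hmac
import struct
import time

# Assumed parameters (RFC 6238 defaults); the page only states 6 digits.
DIGITS = 6
STEP = 30  # seconds each code stays valid

# Constructed sample key: the RFC 6238 test secret in Base32, the form in
# which setup keys are usually displayed. Not a real account key.
SAMPLE_KEY = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def decode_key(key_b32):
    """Decode a pasted setup key, tolerating spaces, lowercase and missing padding."""
    cleaned = key_b32.replace(" ", "").replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)


def totp(key_b32, at=None):
    """Return the code for the time step containing `at` (Unix seconds)."""
    counter = int(time.time() if at is None else at) // STEP
    mac = hmac.new(decode_key(key_b32), struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(key_b32, submitted, at=None, drift_steps=1):
    """Server-side check: accept the current step plus/minus `drift_steps`."""
    now = time.time() if at is None else at
    ok = False
    for delta in range(-drift_steps, drift_steps + 1):
        expected = totp(key_b32, now + delta * STEP)
        # Constant-time comparison; every step in the window is always checked.
        ok |= hmac.compare_digest(expected.encode(), submitted.encode())
    return ok


if __name__ == "__main__":
    print(totp(SAMPLE_KEY, at=59))  # RFC 6238 test time, truncated to 6 digits
```

Both sides derive the code only from the shared key and the clock, so anyone who obtains the key or its QR code can generate valid codes, and a device with a badly wrong clock will produce codes that fail.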

What to do if you lose access to your phone or authenticator app (TOTP)?
If you have changed your phone number, lost the device with the authenticator app, failed to save your backup codes, or are experiencing other difficulties accessing your account (e.g., you are not receiving authorization SMS messages), self-configuration of settings will not be possible. In such a situation, you must contact our Customer Support by phone immediately. For security reasons, resetting 2FA methods and updating contact details require direct identity verification by our agent during the phone call.
How to add a device to trusted devices?
When logging into the XTB mobile app, a message will appear asking if you want to add this device to your trusted list. If you agree, you will not be asked to enter a verification code during your next login.
Where can I find the list of trusted devices and browsers?
You can verify trusted devices and browsers directly in the XTB mobile app. Open the XTB mobile app and click on the profile icon in the top-left corner. Then go to the Security tab and select Two-Factor Authentication (2FA). At the bottom of the screen, you will find the Trusted devices and browsers section.
You can remove a trusted device or browser from the list at any time. Once removed, re-confirmation via 2FA will be required during the next login from that specific device/browser.


