2FA, or Two-Factor Authentication, is a method of securing an account by requiring the use of two different factors to confirm the Client's identity. Instead of relying only on a password (one factor), 2FA adds an additional level of security.

Within XTB, there are two available authentication methods.

The first option is authentication via an SMS code sent to the Client’s phone number.

Starting from July 14, 2025, XTB clients will also be able to use a new authentication method – Time-Based One-Time Password (TOTP). This method involves generating one-time codes in popular applications such as Google Authenticator, Microsoft Authenticator, or Apple Passwords, which are then used to verify the user’s identity. Its main advantages include enhanced security – as it is not dependent on the mobile network – as well as speed and convenience.

2FA can be launched from the xStation platform (browser version) and from the mobile application.

To launch 2FA in the mobile application, click the Profile icon in the upper left corner -> Security -> Two-Factor Authentication.

Select your preferred method:

SMS – enter your phone number and confirm the action using the code sent via SMS.

TOTP – install an authentication app (e.g., Google Authenticator or Microsoft Authenticator), then copy and paste the key into the app or scan the displayed QR code. The generated 6-digit code will be used to access your account.

To enable 2FA on the xStation platform, click the three lines in the upper right corner -> Settings -> Two-Factor Authentication: