Read more

How can we help you?

Two-Factor Authentication (2FA)

Written by Yen Bui

Updated: 2026-02-24 03:46:44

2FA, or Two-Factor Authentication, is a method of securing an account by requiring the use of two different factors to confirm the Client's identity. Instead of relying only on a password (one factor), 2FA adds an additional level of security.

Within XTB, there are three available authentication methods.

  1. The first option is authentication via an SMS code sent to the Client’s phone number.

  2. The second option is TOTP: Starting from July 14, 2025, XTB clients will also be able to use a new authentication method – Time-Based One-Time Password (TOTP). This method involves generating one-time codes in popular applications such as Google Authenticator, Microsoft Authenticator, or Apple Passwords, which are then used to verify the user’s identity. Its main advantages include enhanced security – as it is not dependent on the mobile network – as well as speed and convenience.

  3. The third option is authentication via an code sent to the Client’s registered email address.

2FA can be launched from the xStation platform (browser version) and from the mobile application.

To launch 2FA in the mobile application, click the Profile icon in the upper left corner -> Security -> Two-Factor Authentication.

Select your preferred method:

SMS – enter your phone number and confirm the action using the code sent via SMS.

TOTP – install an authentication app (e.g., Google Authenticator or Microsoft Authenticator), then copy and paste the key into the app or scan the displayed QR code. The generated 6-digit code will be used to access your account.

To enable 2FA on the xStation platform, click the three lines in the upper right corner -> Settings -> Two-Factor Authentication:

How to add a device to the trusted devices list?

When you log into the XTB mobile app for the first time after setting up Two-Factor Authentication, you will be asked if you want to add this device to the trusted devices list. If you accept, you will not need to enter a verification code the next time you log in using this device.

Trusted Devices and Browsers List

You can verify trusted devices and browsers directly within the XTB mobile app. Open the XTB mobile app and tap the profile icon in the upper left corner. Then, go to the Security tab. Select Two-Factor Authentication (2FA). At the bottom of the screen, you will see a list of Trusted Devices and Browsers.

You can remove a trusted device or browser from the list at any time.

After removal, 2FA will be required on your next login from that device/browser.

If you still need help with your question,

Related articles

How can I change my personal data?

Personal data change - for clients whose account is active

Invite Friends

Invite and refer friends to open an account at XTB

Changing the 2FA Authentication Method
Join over 2 000 000 XTB Group Clients from around the world
Start trading Download the app Download the app
The financial instruments we offer, especially CFDs, can be highly risky. Fractional Shares (FS) is an acquired from XTB fiduciary right to fractional parts of stocks and ETFs. FS are not a separate financial instrument. The limited corporate rights are associated with FS.
This page was not created for investors residing in Brazil. This brokerage is not authorized by the Comissão de Valores Mobiliários (CVM) or the Brazilian Central Bank (BCB). The content of this page should not be characterized as an investment offer in Brazil or for investors residing in that country.
Losses can exceed deposits