2FA / MFA options
in progress
M
Merlot Swift
I want to secure my account using 2FA.
This will be an optional feature
Workaround
You can link your Koinly account to your Google account, effectively enabling 2FA (assuming you have it set up on Google). See section "How to switch to Google login" in How do I change my email or login method? | Koinly Help Center
Mind that, after linking your Google account, your password will be removed and you will no longer be able to log in using the email/password combo - only via "Continue with Google"
V
Varied Tyrannosaurus
Time to close account at koinly, no mfa
L
Lilac Cougar
Native 2FA/MFA is a baseline security requirement for a product that stores sensitive financial and crypto tax data.
This request has been open since 2021 and is one of the most-upvoted requests on Koinly. Google login with 2FA is only a workaround; it does not replace native account-level MFA.
Can the Koinly team please share a concrete ETA or target quarter for rollout?
F
Famous Stoat
5 years later and no MFA. This is why you never build your own IdP, but rather use products such as AWS Cognito and Auth0. One click setup and done.
Z
Zircon blue Llama
I've been with Koinly for years, and love the product. But no 2fa is starting to be an issue for me. I need that level of security. 4 years is a very long time on the internet, to not have rolled it out yet. I don't use google because I don't trust them. I use hardware 2fa for everything, except Koinly. Come on guys, prioritise.
C
Carl
Hi all,
Thanks everyone for raising this, we completely understand the frustration.
We know that 2FA/MFA is a standard security expectation, and the length of time this has been requested without a visible rollout has understandably been disappointing. This feature is still on our internal roadmap and is marked as in progress, but we also recognise that progress has been slower than it should have been.
In the meantime, one option is to choose to sign in via Google. If you have 2-step verification enabled on your Google account, that additional protection also applies when using Google to log in to Koinly. That said, we’re very aware this is not the same as having native 2FA/MFA directly on Koinly accounts, and we will continue to work on it.
If you already have an account, you can add Google as a sign-in method from the Settings → Account Settings page:
Photo Viewer
View photos in a modal
V
Violet Reptile
Carl Thanks for the update on this. I actually did just that using Google account as the login that has 2FA. This issue was more complex before you offered the option to change an email / password login from that to a google account. Everytime i attempted to use google as my login choice it told me i was using the email process instead. for those that dont know, you can go to your account settings page and change the login from email type to google account which is as Carl said "about " the same
I
International orange Scallop
Its great to have a response from Koinly but I don't think this is really given the priority it should be from Koinly as a co working within the Crypto space. They are prime targets for attack and as history has taught us.... :( Good to know there is a google workaround
G
Grateful Porpoise
It's good that there is one workaround for those who use the same Google email. Unfortunately I'm using a completely unique email address for Koinly access. While that does offer me personally some extra anonymity, there are still plenty of attack vectors which 2FA would negate. And it's really not great for those who don't use Google or unique emails and have had their emails leaked in the pervasive hacks that seem to plague most platforms. I'd almost suggest pausing all other development activity to get this rolled out, considering it's your customer's and their families lives potentially at stake. I'm sure 99% of us would understand and appreciate a short pause in development to get this over the hill.
W
Weekly Barnacle
Carl
As others have said, crypto is riddled with scams and hacks.
By not mandating or prioritising 2FA, Koinly is leaving a lot of users exposed. Without strong authentication, attackers can target accounts via credential stuffing, phishing, SIM swapping...
It also raises questions about backend security. If protecting user accounts isn’t a priority, there is a real risk that API keys, wallet addresses, or sensitive transaction data could be easier to access.
It’s not a stretch to assume Koinly will be a target because of these gaps...
W
Worldwide Walrus
Carl The fact that your product still does not have a 2FA is a joke. Just read the comments and get it done.
P
Papaya whip Ladybug
Why is there no 2FA/MFA? Please update this immediately.
S
Silver Amphibian
I think there is some other serious problem. Koinly can do this in a day, but pending for 4 years.
L
Lovely Gibbon
Post is from 2021.
Crazy. This tells a lot. 4 years and still no 2FA, are they actually giving a shit?
J
Jasmine green Chickadee
Wild that this hasn't been implemented on a paid financial platform.
F
Fellow Weasel
As far as I can tell, this is the highest voted feature. And it's been there for exactly four years. I've implemented 2FA myself. It's not that hard. What's the hold up?
Load More
→