Two-Factor Authentication


To enhance security, Deribit requires all users to enable two-factor authentication (2FA) before accessing their accounts. This additional layer of protection helps safeguard your funds and personal data from unauthorized access.

Deribit supports two methods of 2FA:

1. Passkeys (e.g., YubiKeys, biometric authentication) – A hardware-based or built-in security key that offers highly secure authentication.

2. Authenticator Apps (e.g., Google Authenticator, Authy) – A time-based one-time password (TOTP) method that generates unique login codes on your mobile device.


Initial Setup - Passkey

There are several types of passkeys supported on Deribit, including hardware keys (such as YubiKey) and software keys (such as Bitwarden).

  1. Select "Add PassKey".

  2. Provide a clear, recognizable name for your YubiKey or passkey.

  3. When prompted by your browser, confirm the device registration.

  4. Insert your YubiKey or use a software passkey provider, then allow the device to be registered.

After the initial setup the first security key will have the scopes login, wallet, and account assigned.

Initial Setup - Authenticator App

Several types of authenticator apps can be used. One commonly used example is Google Authenticator.

  1. Select "Add 2FA App".

  2. Provide a clear, recognizable name for your 2FA or authenticator key.

  3. Scan the QR code or manually enter the key into your chosen authenticator app.

  4. The authenticator will generate a six-digit code; enter this code to activate 2FA.

After the initial setup the first security key will have the scopes login, wallet, and account assigned.

Security key assignments (scopes)

The security key assignments define the scope(s) the keys can be used for.

  • Account

    The key with the Account management scope is considered the master key.

    • Required to add or remove other security keys

    • Required to add, edit or remove API keys

    • Required to make changes in the administration of subaccounts.

  • Login

    The key(s) required to log in to the user interface.

  • Wallet

    Wallet management is required for all actions regarding transactions.

    • Initiating withdrawals

    • Adding or removing withdrawal addresses

    • Adding or removing secondary email for withdrawals

Multiple Security Keys

An account might choose to set up different security keys for different permissions. Accounts that have several owners, several traders and/or a finance team can define the permissions of each employee by their security keys.

  • A particular assignment scope (e.g. Wallet, Login) can have several keys assigned to it.

  • A security key can have multiple scopes assigned to it.

  • Only one key can have the scope "Account" assigned to it. This key is also known as the master key.

You can add new keys on the security keys page and manage their assignments in the active security keys list at the bottom of the page.

Removing or resetting a security key

Removing or Resetting 2FA with access to security key

To change your security keys while still having access to the security key with assignment Account, navigate to the security keys page.

Under ‘Active security keys’, each security key currently applied to your account has a small trash can icon next to it. Click this icon to remove the key.


Removing a security key requires confirmation by the security key with the assignment Account.

Resetting 2FA without access to security key

If you are unable to access your account using a known key, please try synchronizing the device to the Internet clock. This may restore functionality if the Authenticator app is showing codes for a different timestamp and thus not allowing access.
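Why a wrong device clock breaks authenticator codes, shown as an added example (not Deribit's code): a standard RFC 6238 generator and a verifier that tolerates one time step either side of the server clock. The 30-second step, HMAC-SHA1, the ±1 step window and the sample secret are assumptions; the page itself only states that codes are six digits.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds per code: RFC 6238 default, assumed here
DIGITS = 6   # the page states six-digit codes
# Constructed sample secret (the RFC 6238 test key, base32-encoded)
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def hotp(key: bytes, counter: int) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, dynamically truncated."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def totp(secret_b32: str, unix_time: float) -> str:
    """Code an authenticator app shows when its clock reads unix_time."""
    return hotp(base64.b32decode(secret_b32), int(unix_time) // STEP)


def verify(secret_b32: str, code: str, server_time: float, window: int = 1) -> bool:
    """Accept a code from the server's current step or `window` steps either side."""
    key = base64.b32decode(secret_b32)
    current = int(server_time) // STEP
    for counter in range(current - window, current + window + 1):
        if counter >= 0 and hmac.compare_digest(hotp(key, counter), code):
            return True
    return False


def accepted_with_clock_error(secret_b32, server_time, device_error_s, window=1):
    """Does a code from a device whose clock is off by device_error_s pass?"""
    code = totp(secret_b32, server_time + device_error_s)
    return verify(secret_b32, code, server_time, window)


if __name__ == "__main__":
    for error in (0, 30, 120, -120):   # seconds the device clock is off
        print(error, accepted_with_clock_error(SECRET, 150, error))
```

A wider verification window tolerates more clock drift but also lengthens the time an intercepted code remains usable, which is why correcting the device clock is the preferred fix.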

If the 2FA device is lost or stolen, please contact support@deribit.com to reset the lost 2FA on Deribit.

The support team will then provide you with the necessary steps to verify your identity as the account owner and reset your 2FA. This process is in place to ensure that only you, the account holder, can request and complete a 2FA reset, thus maintaining the security of your account.

Important

Remember to have any relevant information on hand that might be required for identity verification.