A step-by-step guide to configuring 2FA, the single most important action you can take to protect your Uphold account and digital assets.
In the digital world, your password (the first factor) can sometimes be compromised through phishing, keyloggers, or data breaches. **2FA adds a second, crucial layer of security.** When 2FA is active, an attacker needs two things to log in: your password *and* the time-sensitive code generated by an application on your physical mobile device. This makes unauthorized access virtually impossible without physical control of your phone.
🔑 Security Principle:
Uphold uses **TOTP (Time-based One-Time Password)** 2FA, which generates a new, unique code every 30 seconds. This is the industry standard and far more secure than SMS-based 2FA.
Before you begin the setup process within your Uphold account, you must have the following tools ready:
Step 3.1: Navigate to Security Settings
Log into your Uphold account on your desktop browser. Click on your **Profile Icon** (usually in the top right corner), then select **Settings** > **Security**. Look for the section labeled **"Two-Factor Authentication"** or **"2FA."**
Step 3.2: Scan the QR Code
Uphold will display a unique **QR code** and a corresponding **Setup Key** (a long string of characters). Open your Authenticator App (e.g., Authy) on your phone. Select the option to **"Add Account"** or **"Scan a QR code."** Point your phone's camera at the QR code displayed on the Uphold screen. The app should instantly recognize the Uphold account and begin generating codes.
Step 3.3: Record Your Backup Key (CRITICAL)
Before proceeding, you **must** write down or securely save the text-based **Setup Key** Uphold provides (the long string of letters and numbers).
This key is the *only* way to recover your 2FA access if you lose, break, or factory-reset your mobile phone. Store this key **offline** (not on your computer or cloud drive) in a secure, fireproof location.
Step 3.4: Verify and Finalize
To finalize the setup, your Uphold screen will ask you to enter a verification code. Look at the authenticator app you just set up, wait for a fresh 6-digit code to appear, and quickly enter it into the Uphold verification field. Click **"Verify"** or **"Enable."**
A successful verification means 2FA is now active. You will be prompted for a 2FA code every time you log in or initiate a sensitive transaction.
If you lose your phone or accidentally delete your authenticator app, do not panic. Your previously saved **Setup Key** (from Step 3.3) is your lifeline.
🔴 If You Have the Setup Key:
Download a new authenticator app on your replacement device. When adding a new account, select the option to **manually enter the key** and input the long string of characters you saved. This will restore the Uphold entry and the codes on your new device.
❌ If You Lost Both Your Phone and Setup Key:
You will be required to go through Uphold's manual account recovery process, which involves rigorous identity verification and can take several business days to complete. Contact Uphold Support immediately, but understand that this process is lengthy by design to protect your assets.