Multi-Factor Authentication

Fluidkey supports multi-factor authentication to protect your account from unauthorized access and to add a confirmation step before high-value transactions. When enabled, MFA is required at account restore and before any transfer or exporting your keys — depending on the limits you configure.

Supported Verification Methods

You can register up to three methods, one of each type:

• Email — a one-time code is sent to your registered email address.

• Authenticator App (TOTP) — a time-based code generated by an authenticator app such as Google Authenticator.

• SMS (Coming Soon) — a one-time code is sent to your registered phone number.

One of your registered methods is set as the default method. This is the method used whenever MFA verification is required. You can change the default at any time from the MFA settings.

Enabling MFA

To enable MFA, open the MFA settings from your account menu. If you don't have any verification methods registered yet, you'll be guided through adding your first one. Once verified, MFA is automatically activated with that method as your default.

Spending Limits

When MFA is enabled, you configure a threshold and a timeframe that determine when verification is required for outgoing transactions (sends, swaps, etc.).

• Threshold — the USD amount above which MFA is required. The minimum is $100 and the default is $2,000.

• Timeframe — the rolling time window over which your outgoing transaction amounts are accumulated and compared against the threshold. The available options are:

  • Daily — rolling 24-hour window

  • Weekly — rolling 7-day window

  • Monthly — rolling 30-day window

How Rolling Windows Work

The timeframe is a rolling window, not a calendar-based reset. This means:

• If you select Weekly, the system looks at the total amount you've moved in the last 7 days from this moment — it does not reset every Monday.

• If you select Daily, it looks at the last 24 hours from now, not from midnight.

• If you select Monthly, it looks at the last 30 days from now.

As older transactions fall outside the window, they no longer count toward the accumulated total. For example, with a weekly window and a $2,000 threshold: if you sent $1,500 six days ago and $600 today, your rolling total is $2,100 and MFA would be required for the next transaction. Once that first $1,500 transaction is more than 7 days old, it drops out of the window and your rolling total decreases.

You can edit your threshold and timeframe at any time from the MFA settings.

When MFA Is Required

Once enabled, MFA is enforced in the following situations:

Account Restore

When you restore your account on a new device or access it through the web app, you must complete an MFA challenge. Once passed, this verification is remembered on that device — you won't be asked again unless you log out or remove your account.

Transacting

When you confirm a transaction, the system checks whether the transaction amount exceeds your threshold. If it does, you'll be asked to complete an MFA challenge before the transaction is submitted.

Accessing Backups

If you attempt to export your private key or access backup options, you'll need to verify MFA first.

Disabling MFA

To disable MFA, go to the MFA settings and toggle it off. You'll be asked to verify MFA before it gets deactivated. This prevents someone with temporary access to your device from turning off your protection.

Tips

• Use an authenticator app for the most reliable experience — it works offline and doesn't depend on email or SMS delivery.

• Register multiple methods as a backup in case you lose access to your primary one.

• Set a threshold that matches your usage — too low and you'll be prompted frequently, too high and it won't protect smaller transactions.