Skip to main content

Two-Factor Authentication (2FA) Guide

Your PolyBot wallet is controlled through Telegram. 2FA closes the gap by requiring a second verification — a time-based code from a separate authenticator app — before any sensitive action.

🔐 Why enable 2FA?

With 2FA on, someone who compromises your Telegram still can't withdraw funds or export your private key without your authenticator code. For any wallet holding meaningful value, this is worth the minor extra step.

🛡️ What it protects

Only the actions that move funds out or expose your keys:

  • 💸 Withdrawals — sending USDC.e to an external address
  • 🔑 Private key export — revealing the key that controls your wallet

Trading, deposits, browsing — all unaffected.

⚙️ Setting up 2FA

Requirements

A TOTP-compatible authenticator app: Google Authenticator, Authy, Microsoft Authenticator, or 1Password.

Enable

  1. ⚙️ Settings → 🔐 Two-Factor Authentication
  2. Tap 🔐 Enable 2FA
  3. Scan the QR code (or use manual entry key)
  4. Enter the 6-digit code from your app
  5. Save your backup codes
Save Your Backup Codes

Shown only once. Store securely offline.

🔑 Backup codes

One-time recovery codes if you lose your phone or authenticator access.

  • Each code works once
  • Store securely offline
  • Backup message auto-deletes after ~60s

📲 Using 2FA

💸 Withdrawals

  1. Start withdrawal → enter 6-digit authenticator code → continues

🔑 Private key export

  1. ⚙️ Settings → 🔑 Export Private Key → enter code → key shown briefly, then auto-deletes

Note: Backup codes are for disabling 2FA, not for withdrawal/export prompts (those expect a live authenticator code).

❌ Disabling 2FA

  1. ⚙️ Settings → 🔐 Two-Factor Authentication
  2. Tap ❌ Disable 2FA
  3. Enter your authenticator code (or a backup code if you lost access)
  4. Confirm
caution

Only disable when necessary — removes the extra security layer.

🔒 Lockout protection

Too many failed attempts temporarily locks the flow. Wait for the lockout to expire.

🔧 Troubleshooting

Code not working — ensure phone time is synced automatically. Codes expire every 30s. Check you're using the correct account in your app.

Lost authenticator — use a backup code to disable 2FA from ⚙️ Settings, then re-enable to get a new secret + fresh codes. No backup codes left → contact @polybothub.

Backup codes exhausted — disable 2FA with your authenticator code, then re-enable to generate new ones.

💡 Tips

  1. Use a reputable authenticator app
  2. Store backup codes offline
  3. Never share 2FA or backup codes
  4. Treat 2FA and your private key as separate security layers
Last updated on