Two-factor authentication (2FA)

This FAQ contains the following information:

Two-factor authentication (2FA) adds an extra level of security when you sign in to OANDA's trading platforms from either your computer or mobile device. It is designed to prevent unauthorised users from accessing your account with a stolen password.

When enabled, two-factor authentication (2FA) works by requiring an additional login credential every time you try to access your Client Zone account. If you own a smartphone, use any authenticator app (we recommend using Google Authenticator) to generate instant verification codes that are used to sign in to your OANDA account.

After you sign in with your current password, you will be required to request a verification code via your Google Authentication or other application. Once you have the code, you will need to type it when prompted to gain access to your account.

After you have configured your account for 2FA, you will be required to provide the code/unique set of numbers each time you login to your OANDA account.

Google Authenticator is a mobile application that allows you to generate verification codes on your smartphone without a network connection. Google Authenticator is the best option if you have a smartphone or tablet. Note: authentication can only be configured on one device for each application or service.

  • Google Authenticator is available for Blackberry, iPhone 3+ and Android phones and most tablets. Download the Google Authenticator app from your devices app store.

  • Do not use the 'back' button on your browser during the setup process. If you do, the one-time password won't work and you will be required to rescan the QR code, or resend an email to complete setup.

  1. Log in to the Client Zone page using your email address and password.

  2. In the Passwords and security section, go to Two step verification (2FA).

  3. In the Client zone section, click on Add device.

  4. Scan the QR code using Google Authenticator, enter the code and click on Add.

  5. Two-factor authentication is enabled. Click on Close to go back to the Client Zone.

  1. Log in to the Client Zone page using your email address and password.

  2. In the Passwords and security section, go to Two step verification (2FA).

  3. In the Trading platforms section, click on the toggle button to activate two-factor authentication for trading platforms.

  4. Enter the SMS code sent to your registered phone number. Then, click on CONFIRM AND CONTINUE.

  5. If the SMS verification is successful, two-factor authentication is enabled.

To activate 2FA for the MT5 platforms, you must first activate two-factor authentication for the trading platforms in the Client Zone. Once finished, you can use either the MT5 desktop or the MT5 mobile app to activate 2FA for the MT5 platform.

If you choose to activate 2FA via the MT5 mobile app, the app itself will serve as an OTP (one-time password) generator device. That means you will not need to use Google authenticator to log in to the MT5 platforms. If you mainly use the MT5 desktop platform, we recommend activating 2FA via MT5 desktop.

  1. Log in to the MT5 desktop platform.

  2. Scan the QR code using Google authenticator, enter the code and click on Enable 2FA.
Depending on your device type, the UI experience may vary.

  1. Log in to the MT5 mobile app.

  2. If you see a window on a security issue, click on Bind.

  3. On the next window, click on OK.

  4. Read and accept the warning. Then, click on OK.

Once successfully bound, you can use the MT5 mobile app as an OTP generator for MT5 desktop and web. To find codes, follow these steps:

  1. Go to Settings>Security>OTP.

  2. Alternatively, you can click on the menu icon in the top left corner and select your account. Then, click on the shield icon in the top right corner.

  3. If not done before, you must set up your validation code.

Clients must take the following steps:

  1. Log in to the Client Zone using your email address and password.

  2. Enter the code from the Google authenticator. Next, click on GO NEXT. This step completes your login and successfully signs you in.

  1. On the login window, enter your login, password and the code from the Google authenticator or the MT5 mobile app. Then, click on OK.

  1. Go to MT5 Web Platform for Live and Demo accounts.

  2. Select your account on the left.

  3. Enter the code from the Google authenticator or the MT5 mobile app. Then, click on Connect to account.
The following steps describe the sign-in process for the MT5 mobile app if 2FA was activated for the MT5 platform via the MT5 desktop. If 2FA was activated via the MT5 mobile app, the One-time password field will not be available.
Depending on your device type, the UI experience may vary.

  1. On the login window, enter your login, password and the code from the Google authenticator. Then, click on SIGN IN.

  1. Log in to the Client Zone using your email address and password.

  2. In the Passwords and security section, go to Two step verification (2FA).

  3. In the Client zone section, click on the toggle button to deactivate Two-factor Authentication.

  1. Log in to the Client Zone page using your email address and password.

  2. In the Passwords and security section, go to Two step verification (2FA).

  3. In the Trading platforms section, click on the toggle button to deactivate two-factor authentication for trading platforms.

  4. Enter the SMS code sent to your registered phone number. Then, click on CONFIRM AND CONTINUE.

  5. If the SMS verification is successful, two-factor authentication is disabled.

To deactivate 2FA for the MT5 platforms, you must deactivate two-factor authentication for Trading platforms in the Client Zone. Once finished, two-factor authentication is disabled for MT5 platforms.

Contact our customer support for assistance in getting access to your account.