Two-factor authentication (2FA)

Two-factor authentication (2FA) is a mandatory regulatory requirement (effective 12 September 2025) for clients to access their OANDA account and it adds an extra level of security when you sign in to the HUB, OANDA's trading platforms, TradingView, or MetaTrader from either your computer or mobile device. It is designed to prevent unauthorised users from accessing your account with a stolen password. As this is a regulatory requirement, clients will not be able to disable 2FA once it has been enabled for their accounts from 12 September 2025.

In compliance with our regulatory obligations, clients will not be able to access their OANDA account from 12 September 2025 if they do not enable 2FA. In order to regain access to their OANDA accounts, clients will need to enable 2FA.

OANDA is making reasonable efforts to notify clients of this new regulatory requirement through various communication channels. Please note that it is the client’s responsibility to ensure that 2FA is enabled to meet the new regulatory requirements effective 12 September 2025. We wish to inform you that OANDA will not be liable for any disputes or losses arising from a client’s inability to access their OANDA account because they have not enabled 2FA by 12 September 2025.

HUB, OANDA platforms and TradingView: Two-factor authentication for these platforms is managed directly within the HUB portal. Once enabled, you will need to authenticate every time you log in (unless you have selected the Remember this device for 30 daysoption) to either the HUB, OANDA platforms or TradingView, ensuring your account information and trading activity are secure.

MetaTrader platforms: For MetaTrader platforms, two-factor authentication is a separate process. You must enable this feature directly within the MetaTrader platform to secure that specific login.

Google Authenticator is a mobile application that allows you to generate one-time codes on your smartphone without a network connection. Google Authenticator is available for Android phones, iPhones and most tablets. Download the Google Authenticator app from your device's app store.

As an alternative to a separate app like Google Authenticator, the Passwords app on iOS is a built-in password manager that allows you to securely store, manage, and share passwords, passkeys, and verification codes across Apple devices.

The MetaTrader 4 (MT4) mobile applications for both Android and iOS include a native one-time password (OTP) generator.
Do not use the 'back' button on your browser during the setup process. If you do, the one-time password will not work and you will be required to rescan the QR code to complete setup.

  1. Log in to the HUB.

    • If the demo and live account email addresses are different, use your respective credentials to sign in to the required account.

    • If the demo and live account email addresses are the same, your accounts are linked. You must use the live account password to sign in.

    • Passwords are case sensitive and special characters are accepted.

  2. A new window appears to activate two-factor authentication

  3. Select one of the following options and follow the steps:

    1. Scan the QR code using Google Authenticator.

    2. Enter the one-time code from Google Authenticator.

    3. Click on Continue.

    4. Go to step 4.

    1. Copy the key code to Google Authenticator.

    2. In Google Authenticator, tap on the plus icon in the bottom-right corner.

    3. Tap on Enter a setup key.

    4. Enter the Code name (for example, OANDA) and paste the code into the Your key field. You can leave the Type of key field as Time based.

    5. Once successfully added, copy the one-time code from Google Authenticator to the HUB.

    6. Click on Continue.

    7. Go to step 4.

    1. Scan the QR code using your camera.

    2. Tap on Add Verification Code in “Passwords”.

    3. In the Passwords app, select the OANDA account.

    4. A verification code appears below the Username and Password fields.

    5. Enter the verification code from the Passwords app to the HUB.

    6. Click on Continue.

    7. Go to step 4.

    1. Copy the key code to the Passwords app.

    2. In the Passwords app, tap on Codes.

    3. Tap on the plus icon in the bottom-right corner.

    4. Paste the code.

    5. Tap on Use Setup Key.

    6. Select the OANDA account.

    7. A verification code appears below the Username and Password fields.

    8. Once successfully added, copy the one-time code from the Passwords app to the HUB.

    9. Click on Continue.

    10. Go to step 4.

  4. Copy the key code so you could retrieve it in future.

  5. Enter the one-time code from Google Authenticator or the Passwords app to the field and click on ACTIVATE 2FA.

    A one-time password can be used only once. If you use the same one-time password twice, you will encounter an error. If you see an error, wait for the authenticator app to show a new one-time password and enter it.

  6. Two-factor authentication is enabled. Click on Go to OANDA HUB to get redirected to the HUB.

To activate 2FA for the MT4 platform, you must bind your MT4 trading sub-account with the one-time password (OTP) generator in the MT4 mobile app. You can bind an unlimited number of MT4 sub-accounts to the OTP generator in the MT4 mobile app.

It is important to note that you cannot enable 2FA through the MT4 desktop app. When you try to log in to the MT4 desktop app with no 2FA enabled, in Terminal at the bottom, you can see a message that the OTP is required.

The MT4 mobile app itself will serve as an OTP generator device. That means you will not need to use Google Authenticator to log in to the MT4 platforms.

  1. Log in to the MT4 mobile app.

  2. A new window appears. Tap on Bind.

    If you tap on Cancel, close and restart the MT4 mobile app. Then, go back to step 1.

  3. If your MT4 trading sub-account is successfully bound to the OTP generator, a success message window appears. Click on OK.

Every time you access the OTP generator, you must enter a validation code. To set the validation code, follow these steps:

  1. Tap on the shield icon in the top-right corner.

  2. Set the four-digit validation code.

  3. Repeat the validation code.

  4. See the one-time password.

    • The Change password button enables you to change the validation code to access the OTP generator.

    • The Synchronize time button enables you to synchronize the time of your mobile device with the reference server. One-time passwords are time-sensitive, requiring synchronized time between you and the server for accuracy.

  1. Log in to the MT4 mobile app.

  2. A new window appears. Tap on OK.

    If you tap on Read More, close and restart the MT4 mobile app. Then, go back to step 1.

  3. Enter the server name, the account login and the master password.

  4. Tap on the Bind button located in the top-right corner.

  5. If your MT4 trading sub-account is successfully bound to the OTP generator, a success message window appears.

Every time you access the OTP generator, you must enter a PIN. To set the PIN, follow these steps:

  1. In the Settings tab, tap on OTP.

  2. Set the four-digit PIN.

  3. Repeat the PIN.

  4. See the one-time password.

    • The Change PIN button enables you to change the PIN to access the OTP generator.

    • The Synchronize Time button enables you to synchronize the time of your mobile device with the reference server. One-time passwords are time-sensitive, requiring synchronized time between you and the server for accuracy.

Once successfully bound, the MT4 mobile app will function as an OTP generator for MT4 desktop login.

  1. Log in to the HUB.

    • If the demo and live account email addresses are different, use your respective credentials to sign in to the required account.

    • If the demo and live account email addresses are the same, your accounts are linked. You must use the live account password to sign in.

    • Passwords are case sensitive and special characters are accepted.

  2. Enter the code from Google Authenticator or the Passwords app and click on Continue.

  1. On the login window, enter your login, password, server and the one-time password. Then, click on Login.

To find the one-time password, select your device type and follow the steps:

  1. Log in to the MT4 mobile app.

  2. Tap on the shield icon in the top-right corner.

  3. Enter the validation code.

    If you do not remember the validation code, you must reinstall the MT4 mobile app and repeat the binding process.

  4. See the one-time password.

  1. Log in to the MT4 mobile app.

  2. In the Settings tab, tap on OTP.

  3. Enter the PIN code.

    If you do not remember the PIN code, you must reinstall the MT4 mobile app and repeat the binding process.

  4. See the one-time password.
Depending on your device type, the UI experience may vary.

  1. On the login window, enter your login, password and server. Then, click on SIGN IN.

    The one-time password during logging in to the MT4 mobile app is not required because the OTP generator is built into the app.

Two-factor authentication (2FA) is a mandatory regulatory requirement effective 12 September 2025. From 12 September 2025 onwards, you will not be able to deactivate 2FA. For more information, refer to this section.

Contact our customer support for assistance in getting access to your account.