To be able to perform privileged actions in your Bullish account, you must set up a two-factor authenticator. We recommend having more than one authenticator for added security in the event you lose access to one of your authenticators.
You can link or remove an authenticator at any time, but you must have at least one linked authenticator.
When using WebAuthn, you can add a passkey, such as your laptop’s built-in biometric sensor or smartphone’s Face ID, and an external hardware passkey, such as a YubiKey®.
When using a TOTP Authenticator, you can add authenticator apps such as Google Authenticator and Authy.
Adding a new TOTP authenticator
To add a new TOTP authenticator:
- Go to https://exchange.bullish.com/login and log in to your account.
- Choose Settings in the left-hand navigation.
- Navigate to Security.
-
Choose Add Authenticator.
-
In the pop-up window, you will be given prompts on how to set up your two-factor authentication. Note that you will be asked to verify this action. If you do not have a 2FA already set up, you will receive a verification code in your email which you will need to enter in the verification window.
-
Save your secret recovery key. Select I've saved my secret recovery in a secure place. You will need this secret key if you need to recover your TOTP authenticator.
-
Choose Continue.
Adding a new passkey
To add a new passkey:
- Go to https://exchange.bullish.com/login and log in to your account.
- Choose Settings in the left-hand navigation.
- Navigate to Security.
- Choose Add Passkey.
- Name your new passkey and choose CONTINUE.
- In the passkey registration pop-up window, choose Continue if you are using biometrics such as Face ID or a fingerprint. If you wish to use a different passkey method, choose Use a different device. Note: This terminology is specific to Google Chrome and may be different on another browser.
- You will be asked to verify the action of adding a new passkey. If you do not have a 2FA already set up, you will receive a verification code in your email which you will need to enter in the verification window.
Trouble connecting your passkey?
Your passkey may fail to connect to your account if your software/hardware has not been updated. For mobile devices, make sure that you are running the latest versions for:
-
Android - Version V7+ and SDK levels 24-29+
-
iOS - Version 14.2+.
If the previously registered two-factor authenticator(s) cannot be accessed, or your new two-factor authenticator was rejected, please reach out to our Customer Support for assistance.
Unlinking a two-factor authenticator
If you will no longer use one of your two-factor authenticators to log into your Bullish account and you still have access to that passkey or TOTP authenticator, we recommend you unlink it first for security reasons. Remember that you must always have at least one linked two-factor authenticator at all times.
To unlink a two-factor authenticator:
- Go to https://exchange.bullish.com/login and log in to your account.
- Choose Settings in the left-hand navigation.
- Choose Security.
- Find the passkey or TOTP authenticator to be unlinked and choose Remove.
- Confirm the statement by choosing Yes, Continue.
- Use your passkey or TOTP authenticator to confirm the action.
If you removed a passkey in error, you can link it to your account again.
Linking one authenticator to multiple accounts
There is no restriction on the number of accounts associated with one passkey.
Viewing your registered two-factor authenticators
To see your registered 2FAs:
- Go to https://exchange.bullish.com/login and log in to your account.
- Choose Settings in the left-hand navigation.
- Choose Security.