Two-Factor Authentication

What Is Two-Factor Authentication (2FA)?

Two-Factor Authentication is, as the name would suggest, a second layer of authentication on top of the normal username and password. On Cardmarket, Two-Factor Authentication works by requiring users to input a code that is generated on a device of the users’ choosing. This additional layer of security makes user accounts incredibly secure, as any log-in attempt must be made with the user’s knowledge.

While the most common device used for 2FA is a phone, it is possible to use other devices to receive your 2FA codes. Users on Cardmarket can even customize when 2FA should or should not be required. Two-Factor Authentication has become an extremely common and reliable layer of security all over the internet, especially when money is involved, like on Cardmarket.

We STRONGLY recommend that all users enable Two-Factor Authentication for their Cardmarket accounts. This page explains how to do that, on top of how users can customize the 2FA experience on Cardmarket for their own convenience.


Setting Up Two-Factor Authentication on Cardmarket

Log-in to Your Cardmarket Account

Go to Your Account Page

Click the icon with your username and go to your Account page.

Click on the Security Tab

Click on the Security tab on the left side of your Account page.

You'll find a short description here of what 2FA is and how to set it up.

Download an Authentication App

First, you need to download an Authentication app. Check the table below for several available options, for mobile and desktop devices.

We recommend Google Authenticator or Authy, but you can choose any OTP compatible application.

Add a New Account

Once you have installed the app on our device, you can now add a new account by scanning the QR code provided on Cardmarket.

Enter the Token

Enter the token in the field provided by your app on Cardmarket to activate 2FA for your account.

Customize 2FA

Now that 2FA is active, you can customize the actions that require 2FA on your account. The actions we recommend are pre-set as a default.

You can also manage your trusted devices and deactivate Two-Factor Authentication on your account, though we don't recommend deactivating 2FA.

Finally, if you cant access your account because of 2FA, please follow these instructions:

  1. When asked for your 2FA code, click Contact usto reach our Lost Device page. Here you can send us a message with a valid photo ID and we will deactivate two-factor authentication on your account.

  2. If you have disabled 2FA for log-in, and have lost your device, you can just log-in and go to our Lost Device page to deactivate 2FA.

You can add a trusted device whenever your log into your account with a new device using 2FA. Cardmarket will remember that device for 30 days and you will not need to use 2FA with that device during that period.


Authentication Apps

This is not a comprehensive list of all available applications, but it provides a range of different OTP-enabled Applications that will work on Cardmarket:

Cardmarket Recommends

  1. Google Authenticator - This app generates time-based OTP codes for 2FA.

  2. Microsoft Authenticator - This app offers both time-based OTP codes and push notifications for 2FA.

  3. Authy - Authy has time-based OTP codes, push notifications, and also covers SMS-based two-factor authentication for more flexibility.

  4. LastPass Authenticator - LastPass Authenticator has time-based OTP codes and push notifications, as well as biometric authentication.

  5. Duo Mobile - Duo Mobile has time-based OTP codes, push notifications, and biometric authentication.

2FA Apps For PC / Mac

  1. Yubico Authenticator - Yubico Authenticator is a desktop application that generates time-based OTP codes. Can be installed on Windows, macOS, and Linux.

  2. WinAuth - WinAuth is a free open source Windows-based app that generates time-based OTP codes for 2FA.

  3. OTP Manager - OTP Manager is a browser-based OTP generator that does not require any installation at all. It generates time-based OTP codes that can be used for our 2FA.

Open Source 2FA Apps

  1. FreeOTP - FreeOTP is an open source OTP generator by Red Hat. It generates time-based OTP codes for 2FA

  2. Google Authenticator - Generates time-based OTP codes for 2FA. The code is available on GitHub under the Apache License 2.0.

As you can see, there are many 2FA applications for many different types of devices. Cardmarket is a platform where money is exchanged and the additional few seconds you take for 2FA when logging into your account can genuinely make the difference between a secure account and a hacked account. We recommend that all users, especially sellers, enable 2FA and use it to fully secure their accounts.


If you still have any questions or wish to view your open or closed tickets, please visit the Help Desk.