What is two-factor authentication (2FA) and why is it mandatory?
2FA, or Two-Factor Authentication, is a method of securing an account by requiring the use of two different factors to confirm the Client's identity. Instead of relying only on a password (one factor), 2FA adds an additional level of security.
Within XTB, there are three available authentication methods.
The first option is authentication via an SMS code sent to the Client’s phone number.
The second option is TOTP: Starting from July 14, 2025, XTB clients will also be able to use a new authentication method – Time-Based One-Time Password (TOTP). This method involves generating one-time codes in popular applications such as Google Authenticator, Microsoft Authenticator, or Apple Passwords, which are then used to verify the user’s identity. Its main advantages include enhanced security – as it is not dependent on the mobile network – as well as speed and convenience.
The third option is authentication via an code sent to the Client’s registered email address.
How do I enable or change 2FA in the mobile app and web platform?
2FA can be launched from the xStation platform (browser version) and from the mobile application.
To launch 2FA in the mobile application, click the Profile icon in the upper left corner -> Security -> Two-Factor Authentication.
Select your preferred method:
SMS – enter your phone number and confirm the action using the code sent via SMS.
TOTP – install an authentication app (e.g., Google Authenticator or Microsoft Authenticator), then copy and paste the key into the app or scan the displayed QR code. The generated 6-digit code will be used to access your account.
![]() | ![]() | ![]() |
To enable 2FA on the xStation platform, click the three lines in the upper right corner -> Settings -> Two-Factor Authentication:

What to do if you don't have access to your phone or authentication app (TOTP)?
If you've changed your phone number, lost your device with an authenticator app, missed your backup codes, or are otherwise having difficulty accessing your account (e.g., not receiving authorization text messages), you won't be able to change your settings yourself. In such a situation, you should immediately contact our customer service by phone. For security reasons, resetting 2FA methods and updating your contact information requires direct identity verification by a member of our staff over the phone.
How to add a device to the trusted devices list?
When you log into the XTB mobile app for the first time after setting up Two-Factor Authentication, you will be asked if you want to add this device to the trusted devices list. If you accept, you will not need to enter a verification code the next time you log in using this device.
![]() | ![]() | ![]() |
Trusted Devices and Browsers List
You can verify trusted devices and browsers directly within the XTB mobile app. Open the XTB mobile app and tap the profile icon in the upper left corner. Then, go to the Security tab. Select Two-Factor Authentication (2FA). At the bottom of the screen, you will see a list of Trusted Devices and Browsers.
You can remove a trusted device or browser from the list at any time.
After removal, 2FA will be required on your next login from that device/browser.
If you still need help with your question,





