If your Grey password was stolen tomorrow, would your account still be safe? With two-factor authentication (2FA) enabled, the answer is yes. This guide covers everything you need to know: what 2FA is, how it works, which apps to use, how to set it up on Grey, and what to do when something goes wrong.
What is Two-Factor Authentication (2FA)?
Two-factor authentication is a security method that requires two separate factors for access to an account. The first factor is something you know, your password or PIN. The second factor is something you have, usually a one-time code generated by an app on your phone.
The logic is simple. A password can be stolen through phishing, data breaches, or guessing. But a time-sensitive code tied to your specific physical device cannot be stolen remotely. Even if someone has your email and password, they cannot access your account without the second factor.
For a financial account that holds USD, GBP, and EUR balances, 2FA is not optional. It is the single most effective security measure you can enable.
How does 2FA work?
When you log in to a 2FA-protected account, the process works like this:
You enter your email and password as usual.
The platform detects that 2FA is enabled on your account.
It asks you for a second verification code.
You open your authenticator app on your phone. It displays a six-digit code that changes every 30 seconds.
You enter the code. If it matches, access is granted.
The code is generated using the current time and a secret key that was shared between your phone and Grey when you first set up 2FA. That key never leaves your device. Someone trying to access your account from another location cannot generate the correct code, even if they know your password.
Types of Two-Factor Authentication
Not all 2FA is equal. Here are the main types and how they compare:
Type | How it works | Security level | Works without signal? |
Authenticator app | App generates a time-based code every 30 seconds | High | Yes |
SMS code | Code sent to your phone number via text | Medium | No |
Email code | Code sent to your email address | Medium | No |
Biometric | Fingerprint or face scan on your device | High | Yes |
Hardware key | Physical device (e.g. YubiKey) plugged into your computer | Very high | Yes |
Grey uses an authenticator app-based 2FA. This is the most practical high-security option for a mobile-first financial product. SMS-based 2FA is more vulnerable to SIM-swapping attacks, in which someone convinces your network provider to transfer your number to a new SIM card they control.
Which Authenticator app should you use?
Any standard TOTP (Time-based One-Time Password) authenticator app works with Grey. These are the three most commonly used:
Google Authenticator
Free, simple, and works offline without a data connection or SIM card. Available on iOS and Android. Does not require a Google account to use. The main limitation is that if you lose your phone, your codes are gone unless you transferred them before switching devices.
Authy
The best option if you want protection against phone loss. Authy stores an encrypted backup of your 2FA codes in the cloud. If you lose your phone, reinstall Authy, log in with your phone number, and your codes will be restored. Strongly recommended for financial accounts.
Microsoft Authenticator
Works well if you already use Microsoft products. Supports encrypted cloud backup similar to Authy. A solid choice if you are already in the Microsoft ecosystem.
Recommendation: Use Authy if account recovery matters to you. Use Google Authenticator if you want the simplest option and are confident you will not lose your phone.
How to set up 2FA on Grey
Before you start, download one of the authenticator apps above from the App Store or Google Play. Once it is installed:
On the Grey mobile app
Open the Grey app and tap More at the bottom of the screen.
Scroll to the Security section and tap Two Factor Authentication.
Select the Authenticator App as your method.
Open your authenticator app and scan the QR code displayed on screen. If you cannot scan it, tap Enter setup key manually and type in the code shown.
Your authenticator app will generate a six-digit code. Enter it in Grey and tap Enable.
2FA is now active. Every time you log in to Grey, you will be asked for a code from your authenticator app after your password.
On the Grey website
Log in to grey.co, then click the settings icon in the top-right corner.
Navigate to Security and select Two Factor Authentication.
Follow the same steps from point 3 above.
What to do if your 2FA code is not working
This is the most common issue people run into. In most cases, it is one of these four things:
1. The code expired before you entered it.
Codes change every 30 seconds. If you copy the code right before it expires, it will be invalid by the time Grey checks it. Wait for the next code and enter it immediately.
2. Your phone clock is out of sync.
Authenticator apps generate codes using the current time. If your phone clock is even a few seconds off from the real time, the code will not match. Fix this by enabling automatic time sync:
Android: Settings > General management > Date and time > Automatic date and time
iPhone: Settings > General > Date and Time > Set Automatically
3. You are entering the code from the wrong account.
If you have multiple accounts saved in your authenticator app, check that you are copying the code from the Grey entry, not another account in the same app.
4. The 2FA setup was not completed correctly.
If the code has never worked since you set up 2FA, the setup may not have been saved correctly. Disable 2FA in your Grey account settings and set it up again from the beginning.
What to do if you lose access to your Authenticator app
Losing your phone without transferring your authenticator codes is the most stressful 2FA situation. Here is how to handle it depending on the app you use.
If you use Authy
Reinstall Authy on your new phone and log in with the same phone number you registered with. Your encrypted codes will be restored automatically. This is why Authy is recommended for financial accounts.
If you use Google Authenticator
If you previously exported your accounts (Settings > Transfer accounts > Export accounts) to another device or saved a screenshot of your QR codes, you can restore from those. If you did not do this, your codes are gone from Google Authenticator.
If you cannot recover your codes
Contact Grey support through the Grey app or at [email protected]. The support team will verify your identity through alternative means (such as identity documents, account history, and other checks) and help you disable your 2FA so you can reset it. Do not create a new account. Contact support first.
How to disable 2FA on Grey
You may need to disable 2FA temporarily when switching phones or changing authenticator apps. Please reach out to [email protected] to disable your 2FA. If you disable 2FA while switching phones, do not leave it disabled for longer than necessary. Your account is less secure without it.
Why 2FA matters more for financial accounts
Most people enable 2FA on social media accounts because they have seen others get hacked. Financial accounts are a different level of risk. Grey holds your actual money balances (USD, GBP, and EUR) and transaction history. Unauthorised access to a social media account is embarrassing. Unauthorised access to a financial account can result in direct financial loss.
Grey also processes international transfers. An attacker who gains access to your account without 2FA could initiate withdrawals or transfers before you notice. With 2FA enabled, even a compromised password does not give an attacker access to your funds.
Enable 2FA. Set it up today if you have not already. The five minutes it takes is worth it.
Managing 2FA across multiple devices
If you use Grey on both your phone and a tablet, you do not need to set up 2FA on each device separately. The 2FA code is generated by your authenticator app and entered on whichever device you are logging in from. The authenticator app only needs to be installed on one device.
If you want the authenticator app on multiple devices for convenience, Authy supports this natively. You can add multiple devices to the same Authy account, and codes will sync across all of them.
Frequently Asked Questions
What is two-factor authentication (2FA)?
Two-factor authentication (2FA) is a security method that requires two separate factors for access to an account. The first factor is your password. The second factor is a one-time code generated by an authenticator app or sent via SMS. Even if someone steals your password, they cannot access your account without the second factor.
Is 2FA mandatory on Grey?
2FA is not mandatory on Grey, but it is strongly recommended. Grey holds your foreign currency accounts, and any account without 2FA is more vulnerable to unauthorised access.
Which authenticator app should I use with Grey?
Google Authenticator, Authy, and Microsoft Authenticator all work with Grey. Authy is the best option if you want cloud backup of your codes, so you can recover them if you lose your phone.
What do I do if my 2FA code is not working?
The most common cause is a phone clock that is out of sync. Go to your phone settings and enable automatic time sync. If the problem persists, wait for the code to refresh (it changes every 30 seconds) and try again. If it still does not work, contact Grey support through the app.
What do I do if I lose access to my authenticator app?
Contact Grey's support team through the Grey app or at [email protected]. The support team will verify your identity and help you regain access. If you use Authy, you can restore your codes by reinstalling the app and logging in with your phone number.
How do I disable 2FA on Grey?
Please reach out to [email protected] to disable your 2FA.
What are backup codes, and does Grey support them?
Backup codes are one-time-use codes you save when setting up 2FA, to use if you lose access to your authenticator app. Grey's current 2FA implementation uses authenticator apps. If you lose access, contact Grey support directly for account recovery.
Why does Grey ask for a 2FA code when I have already logged in?
Grey may prompt for a 2FA code when logging in from a new device, changing sensitive account settings. This is a security measure to confirm that it is you performing the action and not someone who has accessed your session.