How to Use Raivo OTP for Two-Step Verification on iOS

Back

Enhance your security with Two-Factor Authentication. Passwords alone won't do the trick.

by Adam Anderson on 26 Jul 2022

What are Two-Factor Authentication and Two-Step Verification?

The security of most online accounts depends on your password. If your password gets leaked or hacked, you're in trouble. With Two-Step Verification, also known as Two-Factor Authentication, you use one additional piece of information to log into your accounts: A one-time use, 6-digit code or token. This means that even if your password is hacked your account will remain protected; the hacker would need access to your login token as well.

Read on to learn about how to set up Two-Factor Authentication, and why you should use a dedicated app for this, as opposed to Text Message or SMS-based login codes.

What is Raivo OTP?

Raivo OTP is a free and open-source app available on the Apple App Store that enhances the security of your online accounts. Using Raivo OTP you can generate one-time login codes on your phone that can be used as a second "factor" or second step of your normal login process.

Typically, when you log into a website or app, you will use a username and password. With Raivo OTP securing your online accounts, you’ll also enter a random 6-digit code each time you want to log in.

These 6-digit random codes are known as Time-Based One-Time Passwords (TOTP). Using TOTP for Two-Factor Authentication (2FA) provides better security than SMS-based one-time codes, because each one is generated offline and is only valid for 30 seconds. After the 30 seconds are up, a new 6-digit TOTP code is provided for you to use.

What is wrong with using SMS to receive one-time login codes?

You may already be familiar with SMS-based (text message) authentication, especially for banking apps and websites: When you log in from a new place, your bank may send you a text message and ask you to verify that you are who you say you are. Effectively, you are proving ownership or control of a phone number when you do this. This approach to security is called ‘SMS-based Two-Factor Authentication’.

The problem, or risk, with this approach is that you may lose access to your phone number, or your phone number may be hacked or 'ported away’ from you. This is called a SIM-swapping attack.

The use of Time-Based One-Time Passwords (TOTP) is preferable for increased security as these are not connected in any way with your phone number. Wherever possible, we recommend you use TOTP instead of SMS to protect your most important accounts.

At Bitcoin Reserve, we require you to set up Two-Factor Authentication using Time-Based One-Time Passwords, for example with Raivo OTP.

We intentionally do not offer the option of setting up SMS-based Two-Factor Authentication due to the risks of SIM-swapping attacks.

How do I set up Raivo OTP?

Download and install Raivo OTP for your iPhone or other iOS device:

 

Enable Two-Factor Authentication for Bitcoin Reserve

  • After verifying your email address, log in with your email and password
  • Next, click ‘Enable Two-Factor Authentication’

  • Click ‘Next’

  • On your phone, open Raivo OTP
  • Click the ‘+’ button to add an account
  • Scan the QR Code shown on the Bitcoin Reserve website
  • If you are setting up Two-Factor Authentication from the same mobile device, instead choose ‘Enter manually’, and then from the website click ‘Click to Copy TOTP Key’. (Paste in the Secret in the designated field. Example Secret format: L3TXYZ123XYZ123XYZ123XYZ123XYMIB )

  • After you have scanned the QR code, you should see a new account listed which includes your email address and the name of the website or account, e.g. Bitcoin Reserve (<youremail@example.com>)



  • Under the Account Name + Email, you’ll see a 6-digit TOTP code. Enter this into the form field on the Bitcoin Reserve website (labeled ‘6 digit code’) and click ‘Next’.

NOTE: The shrinking-bar countdown timer under the TOTP code indicates how much time is remaining before the code will be refreshed. This occurs once every 30 seconds. If you don’t finish entering in the TOTP code prior to its expiration, simply wait and enter the next one that appears in Raivo OTP.


You have now successfully enabled Two-Factor Authentication for your Bitcoin Reserve Account! You will need to open Raivo OTP to get a new TOTP code each time you log in.

TIP: Many email accounts and other online services offer TOTP-based Two-Factor Authentication options. These options will generally be listed under Account or Security-related settings, depending on the site. Raivo OTP can be used for any of these services, if TOTP is an option.