Two-Factor Authentication (2FA) adds an extra layer of security to your Kolo account. When enabled, you'll need both your password and a one-time code from an authenticator app to log in or confirm sensitive actions.
Why Enable 2FA?
Protects your account even if your password is compromised
Secures sensitive actions like viewing card details and confirming online payments
Gives you full control over your account security
β οΈ We strongly recommend enabling 2FA for all Kolo users. It's one of the most effective ways to protect your funds and personal data.
How to Set Up 2FA
What You'll Need
A smartphone with an authenticator app installed (e.g. Google Authenticator, Authy, or Microsoft Authenticator)
Step-by-Step
Open the Kolo app and go to Profile β 2 Factor Authentication
Tap Enable 2FA button
Open your authenticator app and scan the QR code (or enter the secret key manually)
Enter the 6-digit code displayed in the authenticator app
2FA is now active on your account β
π Important: Save your QR code or secret key in a safe place. If you lose access to your authenticator app without a backup, you'll need to go through a recovery process with our support team.
After Enabling 2FA
Once activated, you can choose which actions require additional verification:
Authorization
Sending funds
Viewing card details
β οΈ For maximum security, we recommend keeping 2FA enabled for all available actions.
How to Disable 2FA
If you have access to your authenticator app, you can disable 2FA at any time:
Go to Profile β 2 Factor Authentication
Tap Disable 2FA
Enter the 6-digit code from your authenticator app
2FA will be turned off
After disabling, you can re-enable 2FA using a new device or authenticator app by following the setup steps above.
π‘ Note: When you re-enable 2FA, a new secret key is generated. You will need to scan the new QR code - previously saved authentication codes will no longer work.
Recovery β Lost Access to Authenticator App
If you no longer have access to your authenticator app (e.g. lost or broken phone), follow these steps:
If You Have Completed KYC
Contact Kolo Support.
Our team will initiate an identity verification process to confirm your account ownership
Complete the verification as instructed by the support team
Once verified, 2FA access will be reset
Log in and set up 2FA again
If You Have Not Completed KYC
Contact Kolo Support and provide:
Your contact details (phone, Telegram, email)
Approximate date your account was created
Our team will verify the information against your account records
Once confirmed, 2FA will be disabled
Log in and set up 2FA again
β³ Recovery timeline: Most 2FA reset requests are processed within 72 hours after identity verification is complete.
Tips for Staying Secure
Back up your authenticator β apps like Authy, Google Authenticator support cloud backups, so you won't lose your codes if you change phones
Don't share your codes β Kolo support will never ask for your 2FA code
Update your recovery info β keep your email and phone number up to date so you can always reach support if needed
FAQ
Why is Kolo asking me for 2FA?
Why is Kolo asking me for 2FA?
2FA protects your account from unauthorized access. Even if someone gets your password, they can't log in or confirm protected actions without the one-time code from your authenticator app. Kolo may require 2FA for certain actions to keep your funds, cards, and personal data secure.
Why is my 2FA code not working?
Why is my 2FA code not working?
This usually happens for one of these reasons:
The code has expired
The time on your phone is out of sync
You entered the wrong code
The wrong account is selected in your authenticator app
2FA was previously reset and the old code is no longer valid
Try the following:
Enter the newest 6-digit code shown in your authenticator app
Make sure the code is entered before it expires
Check that your phone's date and time are set automatically
Confirm you're using the correct Kolo 2FA entry in the authenticator app
βIf the code still doesn't work, contact our support team.
I entered the correct code, but it still fails. What should I do?
I entered the correct code, but it still fails. What should I do?
First, make sure your device time is set automatically in your phone settings. Authenticator apps depend on accurate time synchronization. If that doesn't help, try generating a new code and entering it again. If you still can't pass verification, contact Kolo Support for help.
Can I turn off 2FA only for some actions?
Can I turn off 2FA only for some actions?
Yes. After enabling 2FA, you can choose which actions require additional verification. For example, you may keep 2FA enabled for authorization and sending funds, but disable it for viewing card details if that option is available in your settings. We recommend keeping 2FA enabled for all available actions whenever possible.
How do I disable 2FA for only part of the actions?
How do I disable 2FA for only part of the actions?
Go to Profile β 2 Factor Authentication and review the list of protected actions. From there, you can adjust which actions require a 2FA code. If you want to remove 2FA completely, use the Disable 2FA option.
Can I receive 2FA codes by SMS or email?
Can I receive 2FA codes by SMS or email?
No. Kolo uses codes generated in an authenticator app. This is more secure than SMS or email because the code is generated directly on your device.
What happens if I change my phone?
What happens if I change my phone?
If you still have access to your current authenticator app, disable 2FA first or move your authenticator accounts to your new device before resetting or replacing your phone. If you lose access before doing that, you'll need to go through the recovery process with Kolo Support.
Can I use the same old QR code after resetting 2FA?
Can I use the same old QR code after resetting 2FA?
No. Each time 2FA is set up again, a new secret key and QR code are generated. Previously saved codes will stop working.
Will Kolo Support ever ask for my 2FA code?
Will Kolo Support ever ask for my 2FA code?
No. Kolo Support will never ask for your 6-digit 2FA code. If anyone asks for it, don't share it.