Account Security 101: 2FA & KYC Explained

Introduction

Two account-level controls determine how secure your MC Markets account actually is: Two-Factor Authentication (2FA), which protects login and operations from unauthorized access, and KYC verification, which establishes your identity within the platform's compliance framework. Both are quick to set up, both pay back the time investment many times over, and both should be done early in your onboarding — not after something has gone wrong.

This guide walks through what each one does, how to set up 2FA with Google Authenticator, and how the L0 / L1 / L2 KYC tier system works.

1. Two-Factor Authentication (2FA)

Why Enable It

For optimal asset security, MC Markets strongly recommends enabling Two-Factor Authentication (2FA).

2FA requires a second proof of identity beyond your password — typically a time-based code generated by an authenticator app on your phone. Even if someone obtains your password through phishing, malware, or a breach of an unrelated service, they still cannot log in or perform sensitive operations without the rotating code on your physical device.

This single setting eliminates the most common category of account compromise. Enable it the moment you create your account.

How to Set It Up

1. Download an authenticator app. Google Authenticator is the recommended option; any compatible TOTP app (Authy, 1Password, etc.) will also work.
2. On the MC Markets website, go to User Center → Complete Google Authenticator Binding — the page will display a QR code.
3. Scan the platform-provided QR code with your authenticator app to bind it to your MC Markets account.
4. Enter the rotating code to confirm the binding.

Once bound, the app will display a fresh 6-digit code every 30 seconds. You'll need this code for sensitive operations — adding an extra security check that prevents unauthorized access to your account.

A Few Best Practices

• Use an authenticator app, not SMS. SMS-based codes can be intercepted via SIM-swap attacks; app-based TOTP cannot.
• Save your backup codes when prompted during setup. If you lose your phone, these are how you get back into your account.
• Don't share your QR code or backup codes with anyone. Anyone holding them can bypass 2FA on your account.

2. KYC: The L0 / L1 / L2 Tier System

KYC (Know Your Customer) is the identity-verification process required by financial regulators across major jurisdictions — covered in detail in the Legal & Privacy guide. MC Markets implements KYC as a three-tier system:

• L0 (Basic Verification): Full name, region of residence, nationality, ID type, ID number and expiry date.
• L1 (Document Verification): Upload a government-issued ID card, passport, or driver's license.
• L2 (Facial Verification): Complete facial recognition.

Each tier corresponds to a deeper level of identity verification — and a correspondingly broader set of capabilities and limits available to you. Specific requirements, document types, and capability differences for each tier are published on the platform's account-verification pages — always check there for the most current details.

L0 verification is usually processed quickly. Higher verification tiers may take longer to review. You will be notified through the platform once the verification is completed.

Cryptocurrency trading (contracts and spot) does not require KYC. RWA assets — forex, gold, silver, indices, crude oil, and US stocks — require L0 Basic Verification. Specific requirements are subject to the platform’s verification page.

Why Tiered KYC Exists

Three reasons:

• Regulatory compliance. International AML and counter-terrorism-financing rules require platforms to verify user identities, especially as transaction volumes grow.
• User protection. Verified accounts are less attractive targets for fraud and harder to compromise via social engineering.
• Progressive friction. Tiered KYC means a casual first-time user isn't asked for full document verification on day one — but a serious trader can step up as their needs grow.

For details on MC Markets' broader regulatory framework — FSA regulation, AML compliance, and restricted regions — see the Legal & Privacy guide.

3. The Two-Layer Mental Model

A useful way to think about MC Markets' account security:

• 2FA protects the account-access layer. It answers: "Is the person trying to log in or transact actually you?"
• KYC tier defines the platform-trust layer. It answers: "What level of activity is this verified identity authorized to perform?"

Both are necessary; they protect against different things. 2FA without KYC leaves you with a verified login but limited platform capability; KYC without 2FA leaves you with full capability but a vulnerable login. The right setup is to have both.

Forgot your Fund Password? Click [Reset], complete verification via email or Google Authenticator, and set a new password. After a successful reset, the account will enter a 24-hour withdrawal lock period (subject to real-time display on the page and final system settlement).

Why can't I withdraw after modifying security settings? Any changes to your Fund Password, Google Authenticator, or email binding will trigger a 24-hour withdrawal lock period to safeguard your funds (subject to real-time display on the page and final system settlement).

4. Quick Recap

Why do wallet users need to bind an email? Binding an email is used to unlock 2FA and other security features, ensuring the security of your account.

The four ideas worth keeping:

• Enable 2FA the moment you create your account. Use Google Authenticator (or a compatible TOTP app) — scan the platform-provided QR code, enter the rotating code, save your backup codes.
• 2FA blocks unauthorized access even if someone gets your password — the single highest-impact security action you can take.
• KYC operates as an L0 / L1 / L2 three-tier system. Higher tiers unlock broader capabilities; specific requirements are on the platform's verification pages.
• 2FA and KYC protect different things — both should be set up early, not after a problem.

Risk Disclosure

The 2FA and KYC mechanics described here reflect MC Markets' current implementation and may be updated; always check the official documentation for the most current procedures, document requirements, and tier capabilities. For details on the platform's broader regulatory framework, see the Legal & Privacy guide. Trading on the platform involves substantial risk; trade only with capital you can afford to lose.