Two-Factor Authentication in Tonkeeper Pro
Tonkeeper introduces an on-chain innovation that raises the bar for wallet security across the crypto space: Telegram-based Two-Factor Authentication (2FA) for TON wallets.
This isn’t a patched-on layer of security. It’s built into the transaction flow itself—making 2FA both powerful and seamless.
How It Works
When you enable 2FA in Tonkeeper Pro, every transaction requires two approvals:
- One from your Tonkeeper wallet
- One from your connected Telegram account
After initiating a transaction, a Telegram bot (@tonkeeper) sends you a message with buttons to approve or cancel. If you don’t approve, the transaction doesn’t go through.
There are no codes to copy, no app switching, and no added complexity. Just clear control, built into how you already use TON.
Getting Started
To enable 2FA: Open Tonkeeper Pro → Go to Settings → Select your wallet → Tap Two-Factor Authentication → Connect to the @tonkeeper bot → Confirm the installation transaction.
You can turn 2FA on or off at any time. It’s completely self-custodial and fully optional.
2FA works with the modern W5 wallet standard introduced by Tonkeeper in 2024. It adds protection without introducing friction—exactly how security should work.
What You Need to Know
- 2FA doesn’t recover your secret phrase
- Once enabled, the same wallet won’t work on other devices
- 0.15 TON is required to install or uninstall 2FA
- Tonkeeper Battery and gasless transactions are not compatible with 2FA
2FA is part of a growing toolkit in Tonkeeper Pro—built for users who want more control over their funds. Alongside features like multi-send, multisig, multi-account support, and TRC20 USDT support without TRX, Tonkeeper continues to push toward secure, flexible, everyday crypto use.
Tonkeeper Two-Factor Authentication FAQ
Why on-chain?
2FA is baked right into W5 wallet as a smart contract extension, not just the client software, like many other wallets do. This means that it can be supported by any wallet — there is no vendor lock-in. But more importantly, it cannot be circumvented by someone using an API or writing a clever script that connects directly to the blockchain network.
Why Telegram?
Telegram with its bot platform is a great way to deliver an interactive notification. It is also the safest one. Telegram has great protections against account hijacking, in total contrast to SMS that is terribly insecure.
Telegram is not going to be the only option. Our 2FA architecture supports many different ways to deliver 2FA messages and we will add alternative options in the future.
What if something happens?
Tonkeeper stands for freedom and self-custody. That's why our approach to 2FA keeps full control in users' hands: you always have complete access to your wallet with your recovery phrase.
2FA is designed so Tonkeeper can never lock you out. If something happens to your Telegram account, or our entire infrastructure, then you can recover access to your wallet with just your recovery phrase. But you need to wait out a safety period of 2 weeks.
The same goes for someone who steals your recovery phrase: your Telegram account will protect you against theft, while attempts to disable 2FA will show an alert and give you 2 weeks to relocate your funds to a new wallet.
Currently in beta
We are launching this feature as beta to test UX and collect feedback. There are known limitations such as incompatibility with the Battery. We constantly work on improving it and after polishing it further we are going to roll it out to mobile Tonkeeper as well.
Why is it a big deal?
On-chain 2FA sets a new standard of security. Instead of hoping that people will do the impossible and carefully store their recovery keys in a vault, we acknowledge that many store them in note apps, photo libraries, or drawers. Also, the nature of cryptographic material is such that once you leak some, you cannot take it back. Cryptographic secrets are toxic. Tonkeeper 2FA acts as a safety belt for your recovery phrase.
2FA in centralized systems is now a standard and available in most of the online services. The tricky part is to make it work on-chain and keep the user in full control. We achieve this by strategic approach to cryptographic protocols and open standards. When we envisioned W5 over two years ago, we had this feature and many others in mind. As a result, over the past year after release of W5 we have delivered Gasless, Tonkeeper Battery, Massive Multi-Send, and now On-chain 2FA. And many more exciting innovations are ahead of us. 🚀