Our clients are free to use any mobile app-based authenticators supporting QR codes. These apps provide greater peace of mind than 2FA based on SMS one-time passwords, which are vulnerable to SIM-swap attacks and other exploits. They also work whether you have mobile connectivity or not.
Our recommended app is the very widely accepted Google Authenticator. Like other such apps, it generates 6-digit verification codes for manual entry into our app or website after the standard username and password have been provided.
Note: BVNK uses QR codes to activate 2FA on clients' accounts, so we do not currently support hardware security keys. If you use security keys, check whether your provider has a compatible authenticator app.
Holders of most YubiKeys can, for example, use them in tandem with Yubico Authenticator, thus combining superior security with the wider applicability of app-based solutions.