2FA Setup Guide

Configure PGP-based Two-Factor Authentication for Maximum Security

📊 Intermediate ⏱️ 12 minutes 📅 Updated: 2025-11-06

1. Why PGP 2FA is Mandatory

Nexus Market requires PGP-based two-factor authentication for all accounts. This is NOT optional - without it, you cannot access the market.

🔐 Critical Security Feature

PGP 2FA protects you even if your password is compromised. Attackers cannot log into your account without your private key, which should never leave your device.

Advantages Over TOTP (Time-Based Codes)

✅ Phishing Protection

Fake phishing sites cannot replicate PGP challenges. If you can't decrypt the 2FA message, you know it's a scam site.

🛡️ No Time Synchronization Issues

TOTP codes expire in 30 seconds and require accurate system clocks. PGP challenges work regardless of time.

🔒 Cryptographically Secure

PGP uses public-key cryptography. With the 4096-bit keys this guide requires, brute-forcing the private key is not practical.

2. Prerequisites

Before setting up 2FA on Nexus Market, you must have:

🔑 A PGP Key Pair

You need a 4096-bit PGP key pair (public + private keys). If you don't have one yet, read our PGP Encryption Guide first.

Important: Use a pseudonym, not your real name

💻 Kleopatra or GPG Installed

You need software to decrypt PGP messages. We recommend Kleopatra (Windows/macOS) or GPG (Linux).

⚠️ Don't Skip PGP Setup

If you don't understand PGP yet, STOP HERE and read the PGP guide. Setting up 2FA without understanding PGP will lock you out of your account.

3. Enabling 2FA During Registration

Nexus Market requires 2FA setup during registration. You cannot complete registration without it.

Step-by-Step Registration with 2FA

  1. Navigate to Registration: Go to Nexus Market .onion URL → Register
  2. Choose Username: Pick a unique username (not used elsewhere online)
  3. Create Strong Password: Minimum 16 characters, use a password manager
  4. Paste Your Public Key: Export your PGP public key and paste it into the registration form
  5. Complete CAPTCHA: Solve the anti-bot challenge and click "Register"

SUCCESS

After registration, your PGP 2FA is automatically enabled. Every login will require decrypting a PGP challenge.

4. How PGP 2FA Login Works

Understanding the login process helps you identify phishing attempts and troubleshoot issues.

The Login Process

  1. Enter Username & Password: Type your credentials and click "Login"
  2. Nexus Sends Encrypted Challenge: The server displays a PGP-encrypted message block
  3. Copy the Encrypted Message: It starts with -----BEGIN PGP MESSAGE-----
  4. Decrypt with Your Private Key: Use Kleopatra or GPG to decrypt it (enter your passphrase)
  5. Enter the Decrypted Code: Paste the decoded text into Nexus and submit

✅ What the Decrypted Code Looks Like

After decryption, you'll see a random alphanumeric code like:

7K9M2N4P8Q3X5Z1W

5. Testing Your 2FA Setup

After registration, immediately test your 2FA by logging out and logging back in.

⚠️ CRITICAL: Test Before Depositing Funds

If you cannot decrypt the 2FA challenge, you're locked out forever. Test the login process BEFORE depositing cryptocurrency.

Test Login Checklist

  • ✓ Log out of Nexus Market
  • ✓ Log back in with your username & password
  • ✓ Copy the encrypted PGP challenge
  • ✓ Decrypt it successfully using Kleopatra/GPG
  • ✓ Submit the code and access your account

6. Troubleshooting 2FA Issues

❌ "Invalid 2FA Code" Error

Cause: You entered the wrong code or copied the encrypted message instead of the decrypted one.

Solution: Make sure you decrypt the message first. The code should be 16-20 characters of random text.

❌ "Cannot Decrypt Message"

Cause: The message was encrypted to a public key that does not match the private key you are trying to decrypt it with.

Solution: Verify you uploaded the correct public key during registration. If wrong, you'll need to contact support.

❌ Lost Private Key

Cause: You deleted your private key or lost access to it.

Solution: Account recovery is possible but difficult. Contact Nexus support with proof of account ownership (previous order IDs, deposit addresses).

7. Security Best Practices

💾 Backup Your Private Key

Export your private key and store it on an encrypted USB drive or offline storage. Without it, you cannot access your Nexus account.

🔒 Never Share Your Private Key

Nexus admins will NEVER ask for your private key. Anyone requesting it is a scammer attempting to steal your account.

🎣 Verify the .onion URL

Phishing sites cannot decrypt PGP challenges. If the 2FA screen looks wrong or you can't decrypt the message, you're on a fake site.

2FA Enabled Successfully

Your account is now protected with PGP 2FA. Continue to our other security guides.
