GLEX has introduced three new ways to secure your account: passkey authentication, hardware security tokens (YubiKey and compatible FIDO2 devices), and time-based one-time password (TOTP) apps including Google Authenticator, Authy, and Microsoft Authenticator. All three methods are available now in the account security settings. Previously, GLEX supported only traditional username-and-password login.
GLEX has moved from a single sign-in option to a flexible security model where users choose their preferred level of protection.
Authenticator apps (TOTP). A time-based one-time password app generates a six-digit code that refreshes every 30 seconds. After entering your password, you provide the current code as a second factor. Compatible with Google Authenticator, Authy, Microsoft Authenticator, and any TOTP-compliant app.
Hardware security tokens (FIDO U2F / FIDO2). Physical USB or NFC devices — such as YubiKey or Titan Security Key — that confirm your identity with a single tap or press. Because the token is cryptographically bound to the GLEX domain, it cannot be tricked by phishing sites.
Passkeys (FIDO2 / WebAuthn). A passwordless login method that uses your device's biometrics (fingerprint, Face ID) or screen-lock PIN instead of a password. Passkeys sync across devices through iCloud Keychain, Google Password Manager, or compatible credential managers.
Username-and-password authentication remains the most common — and most vulnerable — sign-in method. Passwords are susceptible to phishing, credential stuffing, database leaks, and reuse across services. Adding a second factor (an authenticator app or hardware token) dramatically reduces risk, while passkeys remove the password from the equation entirely.
GLEX has kept password login available for users who are not ready to switch, but recommends enabling at least one additional authentication method.
Setup takes one to three minutes. All options are in the Security section of your account settings:
For authenticator apps, scan the QR code displayed on screen. For hardware tokens, insert the device and tap the button when prompted. For passkeys, confirm creation using your device's biometrics or PIN. You can enable multiple methods at the same time and set one as your default.
| Method | Convenience | Phishing resistance | Device required |
|---|---|---|---|
| Authenticator app | High | Moderate | Smartphone |
| Hardware token | Moderate | Maximum | USB / NFC key |
| Passkey | Maximum | Maximum | Device with biometrics |
For most users, passkeys offer the best balance of convenience and security. Hardware tokens are ideal for high-risk roles such as administrators or finance teams. Authenticator apps are a reliable choice when a device does not yet support passkeys.
The launch of new authentication methods is part of GLEX's broader move toward a Zero Trust security model. Upcoming plans include mandatory two-factor authentication for all accounts and passkey-only registration without the need to create a password.
About GLEX
GLEX is a global AI-powered trading platform operated by GLEX Limited, licensed as an Investment Dealer by the Financial Services Commission (Mauritius) since 2023. The platform launched in 2025 and provides access to multiple financial markets with a focus on transparency, security, and execution quality. Learn more at glex.com.