FAQ for 2FA (Stocks) -
Use KGI Key
Apply to "WebTrade"
What is two-factor authentication (2FA)?

Two-Factor Authentication is a method of verifying a user identity by utilizing a combination of two distinct elements: 

  1. Something a client knows (e.g., password),
  2. Something a client has (e.g., physical security device, mobile phone), and
  3. Some distinctive features a client has (e.g., biometric authentication).
Who needs to use 2FA?

Two-factor authentication (2FA) applies to all users who login to their internet trading accounts to carry out the following activities:

  1. Dealing in securities
  2. Dealing in futures contracts
  3. Asset management
Why implement 2FA?
Implementing 2FA can reduce or mitigate hacking risks associated with internet trading. Given that passwords have not proven effective to prevent hacking, two-factor authentication is an important part of effective cybersecurity risk management.
How does 2FA work?
After entering your personal Account ID and Password, you are required to go through two-factor authentication in order to login KGI Asia online trading platforms. For example, our system may inspect if your login device has been registered before; or our system will issue a push authentication to request for your permission for the login; or you may be required to input a One-Time-Password (OTP) that is generated instantly by our system and effective for a short period of time; or you may be required to provide your biometrics authentication.
What is “KGI Key” and its role in the 2FA process?
“KGI Key” is a security mobile application for logging in to KGI Asia’s trading platforms. An authentication process of choosing Accept or Reject on your “KGI Key” will be required for each time you login to any of the platforms which is registered in “KGI Key”, providing extra security for any instant login.
Where can I download the “KGI Key” App?
You can download the “KGI Key” App here:
iOS Download Now
Android
(Download from Google Play)
Download Now
Android
(Download from KGI Asia)
Download Now  
How to setup “KGI Key” for 2FA?
  1. Download and install the “KGI Key” App onto your mobile device
  2. You will receive a 2FA notification email if you chose email as the method to receive QR code (with short expiry period), or an SMS with the activation code if you chose to receive notification via your 2FA mobile number.
  3. Open the App and scan the QR code or enter the activation code to link your account to your mobile device.
  4. You will receive a 2FA notification on your mobile App once you login to your KGI Asia trading account.
Which KGI Asia trading platforms can make use of “KGI Key”?
“KGI Key” App supports the securities trading platforms, including WebTrade, KGI HK Mobile Trader (AAstocks) – Android, and KGI HK Mobile Trader (AAstocks) - iPhone
Can “KGI Key” link more than one trading account to the same mobile device?
Yes. You can link multiple trading accounts to the same mobile device via “KGI Key” at the same time.
Can I link my account to “KGI Key” with more than one mobile device?
No. Every trading account can only be linked up with one mobile device only.
What should I do if I have not received QR code email for registration?
Please login to KGI Asia online trading platform and click “Resend QR Code” to request re-sending of the QR Code to your registered 2FA email address.
When will the QR code for 2FA expire?
QR code will be expired in 3 days.
Does “KGI Key” still work if I change the SIM card on my mobile device?
Yes. “KGI Key” links your account to your mobile device but not your SIM card. Changing SIM card or mobile number will not affect the linkage.
What should I do if I change a new mobile device?
You should reactivate the linkage from your original mobile device and link your account to your new mobile device.
From “KGI Key”, press “Reactive”. Choose Email or SMS to receive a One Time Password which will be sent to you immediately. Input the password into the blank space right below. A new QR code will then be sent to your registered 2FA email address. Scan the QR code to link up to your new mobile device.
What should I do if I lose my mobile device?
To secure your online trading account, please call our 24-hour InvestLine at (852) 2878-5555 or contact your KGI Asia Investment Representative.
What should I do if I accidentally deleted the “KGI Key” App on my mobile device?
As your account has been linked with “KGI Key”, even if you deleted the app, the linkage is still valid. Please call our 24-hour InvestLine at (852) 2878-5555 or contact your KGI Asia Investment Representative for assistance. 
What is the effective time of “KGI Key” ’s push notification?
The effective time of push notification is 5 minutes. You are required to login again if the session expires after 5 minutes.
How long is the validity time for One-Time-Password?
One-Time-Password will only be valid for 5 minutes. You are required to login again if the session expires after 5 minutes.
How to update “KGI Key”?

iOS

Please update the latest version of “KGI Key” at App Store directly.

Attention: Do Not delete and reinstall the “KGI Key”. If the “KGI Key” is deleted, your registered account will also be removed at the same time. Under this situation, you should re-register for Two-Factor Authentication and re-register your account into the “KGI Key”.

Android

Install by APK:

If you have already installed “KGI Key” by APK, please continue to update to the latest APK version.

Attention: Do Not update, delete or reinstall “KGI Key” via Google Play. When you do so, an alert will pop up: “Since your App is not installed via Google Play, you cannot upgrade the app here. Would you like to remove the App?”

Please note if you remove the App, your registered account will also be removed at the same time. Under this situation, you should re-register for Two-Factor Authentication and re-register your account into the “KGI Key”.

Install by Google Play:

If you have already installed “KGI Key” by Google Play, please continue to update the latest version by Google Play.

Attention: Do Not use APK to update, delete and reinstall the “KGI Key”. When you upgrade “KGI Key” by APK, an alert will pop up: “Since your App is not installed by APK, you cannot upgrade the app here. Would you like to remove the App?”

Please note if you remove the App, your registered account will also be removed at the same time. Under this situation, you should re-register for Two-Factor Authentication and re-register your account into the “KGI Key”.