Background
The Wethenorth Darknet marketplace mandated two-factor authentication for all vendor accounts effective March 5, 2026. Vendor accounts without 2FA enabled were automatically suspended from new listing activity until the requirement was met.
Details and Context
The platform's 2FA implementation uses time-based one-time passwords (TOTP), compatible with standard authenticator applications including Aegis (open source, recommended for Android), Raivo OTP (iOS), and desktop TOTP managers. SMS-based 2FA was explicitly not implemented, as SMS is subject to SIM-swapping attacks.
Community Response and Implications
Buyer accounts are not mandated to use 2FA but the platform documentation now strongly recommends it, particularly for accounts with active XMR or BTC balances. A PIN-based withdrawal lock feature was simultaneously introduced, requiring a secondary 4–6 digit PIN for any withdrawal request.