Your wallet is automatically secured by Web3Auth with your account and device pairing. Every time you sign in to the application in which the wallet is used, you will see a loading page of the wallet. This checks if the device on which the application is used is paired to the wallet.
Every third sign in, you will be asked by Web3Auth to add further security measures to your wallet. This can be any of the following:
Social login (google, Facebook, Cere verifier, etc…) which can have own 2FAs, like email confirmation or SMS confirmation
User Device - the list of devices user successfully logged in from
Recovery phrase - 12 word backup phrase
Account password
https://lh3.googleusercontent.com/isvEO81Ba0qw1fQXYcrxpVuvq2rzqVd8Qyi6Nt6wqe-iNNh_IoU0FwrTceQOg_VKBxKh7UUpoBQY447MajqMUsEZboKhry2y3in8tBDgWsTvO6bCw4PjxXkwc5DvERZjpxV6ZAHby8-t-kPp