2-Factor Authentication
One of the ways that users put themselves at risk of cybercrime is with their choice of passwords or by saving their passwords to the device they are using. SimplePay has an option to have 2 layers of login security, called 2-Factor Authentication (2FA). This feature requires users to enter a verification code as an additional step when logging into SimplePay with their username and password. The verification code is obtained from an authentication app that users will need to download.
Enabling 2-Factor Authentication¶
Users (i.e. each unique username/email address and related password) will need to enable 2-Factor Authentication for their login. To do this:
- Go to the Profile icon > User Profile.
- Under 2-Factor Authentication, click on Enable 2-Factor Authentication and enter your SimplePay password.
- Follow the 3-step process shown on the screen:
1. Download a 2-factor authentication app.
Please note: The following 2-factor authentication apps are available:
Authy or Google authenticator for Android. Authy or Google authenticator for iOS and Microsoft Authenticator for Windows devices.
Please note: The app does not need to be downloaded onto the device that you will be using regularly. For example, you could download the app onto your mobile phone, but use your laptop to access SimplePay. Every time you log into SimplePay, you will need to have the device that has the app with you in order to get the verification code.
2. Scan the QR Code using the authentication app.
3. Enter the verification code generated by the app.
- Click on Configure Recovery.
Please note: Before proceeding with adding a phone number, you have the option to save the Recovery Codes. Click Download or Print.
- You will now be able to add a phone number for resetting purposes.
- Click Send OTP once you have entered a phone number.
Please note: This phone number will only be used to send an OTP if you have lost access to your 2FA device and need to reset 2FA. We will not be using this phone number for any other purpose.
- Enter the OTP sent to your phone.
- Click Enable 2-Factor Authentication.
Using Recovery Codes¶
If you don’t have the authentication app with you when trying to log in, you can use your backup/recovery codes to log in. The backup/recovery codes should have been saved to your computer or printed when enabling 2FA (see above).
Please note: You can only use each recovery code once.
If you would like to have new recovery codes generated, this can be done as follows:
- Go to the Profile icon > User Profile.
- Under 2-Factor Authentication, click on Recovery Settings.
- Enter your password and click Confirm.
- Under Recovery Codes, click on GET NEW CODES.
Please note: Once you have generated new recovery codes, the previous codes will become invalid.
Disabling 2-Factor Authentication¶
You can opt to no longer have 2-Factor Authentication enabled for your login. To disable this function:
- Go to the Profile icon > User Profile.
- Under 2-Factor Authentication, click on Disable 2-Factor Authentication.
- Enter your SimplePay password.
- Click Confirm.
Please note: If you are using our Xero integration, you are required to always have 2FA enabled.
You can also disable 2FA when logging in to SimplePay. See below:
Establish a Device as a Trusted Device¶
If you establish a device as a trusted device, you will only need to enter the verification code when logging into this device every 30 days. A verification code will be required with each login for devices that are not established as trusted. To set a device as trusted:
- Go to the SimplePay login page on the device that you trust. Ensure that you are not logged in.
- Enter your email address and password and click Login.
- Enter the verification code from your device.
- Select the checkbox Trust this device for 30 days.
- Click Login.
Revoke Trust from a Device¶
If you revoke trust from a device, you’ll have to enter your verification code the next time you try to log in from this device. To revoke trust for a device:
- Go to the Profile icon > User Profile.
- Under Account Maintenance, click on Devices.
- Click on Revoke Trust next to the device that you no longer trust.
- Click Confirm.
2-Factor Authentication Reset¶
Should you lose access to your 2FA device, you will be able to reset your 2FA with an OTP sent to the phone number that you provided us with.
If you would like to capture a phone number and you have already enabled 2FA, follow these steps:
- Go to the Profile icon > User Profile.
- Under 2-Factor Authentication, click on Recovery Settings.
- Enter your password and click Confirm.
- Under Phone Number, click on Edit.
- Click Send OTP once you have entered a phone number.
- Enter the OTP sent to your phone.
- Click Save.
Please note: If you need to reset your 2FA but have not captured a phone number when enabling 2FA nor do you have access to your 2FA device, you will need to contact our Support Team for further assistance.