What is Two-Factor Authentication?
Two-Factor Authentication (also known as 2FA) is a verification system that creates an additional layer of security to access something that belongs to you.
This is usually enforced by requesting a second piece of information, most likely a temporary code delivered by a device in your possession, such as your phone.
Why do I need 2FA on my Paystack Dashboard?
Enabling 2FA on your Paystack Dashboard adds an extra layer of security to your Paystack Dashboard. It makes it impossible for anybody else to access your Dashboard even if they have your password. So while your password protects an outsider from logging into your account, 2FA makes it even harder for that to happen.
With 2FA enabled, after filling in your Paystack username and password, you’ll need to input a code generated from an authenticator app or use one of your backup codes to log in.
We’ve detailed how to enable 2FA on your Dashboard using different authenticator apps like Authy, Google Authenticator and Last Pass Authenticator in this article.
What is an authenticator app?
An authenticator app is a mobile application that generates security codes or Time-based One-time Passwords (TOTP) used to verify log in access to websites or accounts.
How do I log in with an authenticator app?
To use an authenticator app to log in, you simply fill in your username and password and click on ‘Login to your account.’ You’ll see a prompt asking you to ‘enter the 6-digit verification code generated by your authenticator app.’
All you have to do is open your authenticator app, copy the TOTP generated by the app for your Paystack account, fill it into the empty fields and login to your account.
What are backup codes?
Backup codes act as a fail-safe for times when you do not have access to the mobile phone that carries your authenticator app.
The backup codes can be used in place of the Time-based One-time Passwords (TOTP) to log in to your Paystack Dashboard.
How do I get my backup codes?
When you successfully enable 2FA on your account, you’ll receive a prompt indicating this. Along with the prompt are a set of backup codes which can be used in place of the Time-based One-time Passwords (TOTP) on your authenticator app.
How do I store my backup codes?
Your backup codes are very important codes that should not be shared with anyone. We advise that you treat these codes with the same discretion you apply to your ATM pin.
When you receive your backup codes after successfully enabling 2FA on your account, you can download the backup codes and store the file containing them on your phone or computer with an inconspicuous file name. For example, instead of naming the file something like ‘my backup codes,’ you can name the file something less obvious like ‘weekend shopping list.’
Another trick is to save them as phone numbers on your contact list so they are not easily detected.
How do I use a backup code to log in?
To use a backup code to log in, you simply fill in your username and password and click on ‘Login to your account.’ You’ll see a prompt asking you to ‘enter the 6-digit verification code generated by your authenticator app.' Just below this message is an option to ‘use a backup code instead.’
When you click on that option, you’ll see another prompt asking you to enter your backup code. All you have to do is fill in any of your backup codes and you’re good to go.
Please note that backup codes can only be used once. When a backup code is used on your account, we’ll send you an email notifying you of this as well as how many codes you have left. If you exhaust all ten backup codes you will need to generate new ones.
How do I generate new backup codes?
To generate a new set of backup codes, log in to your Paystack Dashboard, go to Settings>>Profile and click on ‘Generate new back up codes.'
Before the new codes are generated, you’ll need to provide a TOTP from your authenticator app just like you do when you want to log in. After filling the fields, click on Continue and you’ll receive a new set of backup codes.