Two-factor authentication (2FA)
Two-factor authentication (also known as 2FA) is a verification system that creates an additional layer of security to access something that belongs to you.
This is usually enforced by requesting a second piece of information, most likely a temporary code delivered by a device in your possession, such as your phone.
Why do I need 2FA on my Paystack Dashboard?
Enabling 2FA adds an extra layer of security to your Paystack Dashboard. It makes it impossible for anybody else to access your Dashboard, even if they have your password. So while your password keeps an outsider from logging into your account, 2FA makes it even harder for that to happen.
With 2FA enabled, after filling in your Paystack username and password, you’ll need to input a code generated from an authenticator app or use one of your backup codes to log in.
Frequently asked questions about 2FA
What is an authenticator app?
An authenticator app is a mobile application that generates security codes or Time-based One-time Passwords (TOTP) used to verify login access to websites or accounts.
What are backup codes?
Backup codes act as a fail-safe for times when you do not have access to the mobile phone that carries your authenticator app.
The backup codes can be used in place of the Time-based One-time Passwords (TOTP) to log in to your Paystack Dashboard.
How do I get my backup codes?
When you successfully enable 2FA on your account, you’ll receive a prompt indicating this. Along with the prompt is a set of backup codes which can be used in place of the Time-based One-time Passwords (TOTP) on your authenticator app.
How do I store my backup codes?
Your backup codes are very important and should not be shared with anyone. We advise that you treat these codes with the same discretion you apply to your ATM PIN.
When you receive your backup codes after successfully enabling 2FA on your account, you can click 'Download backup codes' to download them, then store the file on your phone or computer under an inconspicuous file name. For example, instead of naming the file something like ‘my backup codes,’ you can name the file something less obvious like ‘weekend shopping list.’
Another trick is to save them as phone numbers on your contact list so they are not easily detected.
How do I generate new backup codes?
To generate a new set of backup codes, log in to your Paystack Dashboard, go to the Profile tab under Settings and click on ‘Generate new backup codes.’
Before the new codes are generated, you’ll need to provide a TOTP from your authenticator app, just like you do when you want to log in. After filling in the fields, click on 'Continue', and you’ll receive a new set of backup codes.
Logging in with an authenticator app and backup codes
Logging in with an authenticator app
To use an authenticator app to log in, you simply fill in your username and password and click on ‘Login to your account.’ You’ll see a prompt asking you to ‘enter the 6-digit verification code generated by your authenticator app.’
All you have to do is open your authenticator app, copy the TOTP generated by the app for your Paystack account, fill it into the empty fields and log in to your account.
Logging in with a backup code
To use a backup code to log in, all you need to do is follow these steps:
Fill in your username and password and click on ‘Login to your account.’ You’ll see a prompt asking you to ‘enter the 6-digit verification code generated by your authenticator app.’ Just below this message is an option to ‘use a backup code instead.’
When you click on that option, you’ll see another prompt asking you to enter your backup code. All you have to do is fill in any of your backup codes, and you’re good to go.
Please note that each backup code can only be used once. When a backup code is used on your account, we’ll send you an email notifying you of this and how many codes you have left. If you exhaust all ten backup codes, you must generate new ones.
Enabling 2FA on your Paystack Dashboard using different authenticator apps
There are many authenticator apps available for use, but we’ve detailed how to set up 2FA with four common apps.
It is helpful to note that 2FA works on a user basis. This means that enabling 2FA only enables it for your user account, not any other user account with 2FA disabled. The admin of a business can see which users have 2FA enabled and which users do not.
You can use any of the following authenticator apps to set up 2FA on your Paystack Dashboard, but we strongly recommend you set it up with Authy. Authy stores your credentials in the cloud, so if you lose or change your mobile device, you will not have to reset your 2FA on the new device:
Authy
Microsoft Authenticator
LastPass Authenticator
Duo Mobile
Enabling 2FA using Authy
Download the Authy app here.
Log in to your Paystack Dashboard.
Go to the Profile tab on the Settings page of your Dashboard.
Toggle the 'Two-factor authentication' button.
Open your Authy app. Click on the three dots at the top right and choose 'Add Account'.
Click 'Scan QR Code' and scan the QR Code shown to you on the Dashboard.
If you are unable to scan the barcode for any reason, click 'Enter Code Manually' on the Authy app and enter the text code being shown to you on the Dashboard into the relevant field on the Authy app.
Save your profile on the Authy app, and a six-digit Time-based One-time Password (TOTP) will be shown to you.
Enter that TOTP in the input space provided on your Dashboard and click 'Enable'.
Enabling 2FA using Microsoft Authenticator
Download the Microsoft Authenticator app here.
Log in to your Paystack Dashboard.
Go to the Profile tab on the Settings page of your Dashboard.
Toggle the 'Two-factor authentication' button.
Open your Microsoft Authenticator app.
Click on the three dots at the top right and choose 'Add account'.
Click on 'Other account' and scan the QR code shown to you on the Dashboard.
If you cannot scan the barcode for any reason, click 'or enter code manually' at the bottom of the page and enter the text code shown on the Dashboard into the relevant field on the Microsoft Authenticator app.
Click on the account you just created on the Microsoft Authenticator app, and a one-time password code will be shown to you. Enter the TOTP in the input space provided on your Dashboard and click 'Enable'.
Enabling 2FA using LastPass Authenticator
Download the LastPass Authenticator app here.
Log in to your Paystack Dashboard.
Go to the Profile tab on the Settings page of your Dashboard.
Toggle the Two-factor authentication button.
Open your LastPass Authenticator app.
Click on 'Add new account'.
Click on 'Scan barcode' and scan the QR code shown to you. Click on the check icon at the top right to save your profile.
If you cannot scan the barcode for any reason, go back and click 'Add account' again. Choose 'Enter manually' at the bottom of the page and enter the text code shown on the Dashboard into the relevant field on the LastPass Authenticator app.
A one-time password code will be shown to you. Enter the TOTP in the input space provided on your Dashboard and click 'Enable'.
Enabling 2FA using Duo Mobile
Download the Duo Mobile app here.
Log in to your Paystack Dashboard.
Go to the Profile tab on the Settings page of your Dashboard.
Toggle the Two-factor authentication button.
Open your Duo Mobile app and click on 'Get Started'. This will open your camera.
Scan the QR code shown on your Dashboard.
If you cannot scan the barcode for any reason, click 'No barcode'. Choose 'Add a Duo security-enabled account' and enter the text code shown on the Dashboard.
A one-time password code will be generated and shown to you. Enter the TOTP in the input space provided on your Dashboard and click 'Enable'.
Enforcing 2FA for all team members
As an admin, you can enforce 2FA for your team members. To do this, you must ensure that you have activated 2FA for your own login. Once you have 2FA enabled for your login, kindly follow the steps below to enforce it for all your team members:
Log in to your Paystack Dashboard.
Go to the Team tab on the Settings page of your Dashboard.
Click the ‘Enforce 2FA’ button.
Select whether you want to enforce 2FA immediately or at a later date and click the green ‘Enforce 2FA’ button.
If you choose to enforce 2FA immediately, all your team members’ access to the Dashboard will be revoked, and Paystack will notify them to enable 2FA before they can regain access. However, if you choose to enforce 2FA at a later date, your team members will be notified to enable 2FA before the date you chose, or their access will be revoked on that date.
Disabling 2FA on your Paystack Dashboard
You can disable 2FA on your Paystack dashboard by following these steps:
Log in to your Paystack Dashboard.
Go to the Profile tab on the Settings page of your Dashboard.
Toggle the Two-factor authentication button.
Open your authenticator app and enter the generated six-digit TOTP into the fields on the pop-up. Click 'Disable'.
Resetting 2FA after changing your device
If you no longer have access to the device you used to set up 2FA, you can log in to your Paystack Dashboard using one of your backup codes. When you're logged in, you can disable 2FA and then re-enable it with your new device.
Backup codes act as a fail-safe for times when you do not have access to the mobile phone that carries your authenticator app.
The backup codes can be used in place of the Time-based One-time Passwords (TOTP) to log in to your Paystack Dashboard.
Getting your backup codes
While enabling 2FA on your account, you would have received a prompt that includes a set of backup codes that can be used in place of the Time-based One-time Passwords (TOTP) on your authenticator app. Find where you stored the backup codes.
Once you've found where you stored your backup codes, follow these steps:
Fill in your username and password on the login page and click on ‘Login to your account.’
You’ll see a prompt asking you to enter the 6-digit verification code generated by your authenticator app. Just below this message is an option to 'use a backup code instead'.
When you click on that option, you’ll see another prompt asking you to enter your backup code. All you have to do is fill in any of your backup codes, and you’re good to go.
Please note that backup codes can only be used once. When a backup code is used on your account, we’ll send you an email notifying you of this as well as how many codes you have left. If you exhaust all ten backup codes, you will need to generate new ones, as explained above.
If you cannot find your backup codes
If you cannot find your backup codes, please send an email to support@paystack.com so we can verify your identity and manually reset 2FA for your account.