Using Two-Factor Authentication (2FA)
Currencycloud has teamed up with Authy, built by Twilio, to provide a Two-factor authentication solution.
What is Two-Factor Authentication?
Two-factor authentication (or 2FA) is an extra layer of security to make sure someone trying to access their online account is who they say they are. In addition to providing information you know such as username and passwords (1st factor), you’ll also be asked to use something you have such as a smartphone (2nd factor) to confirm your identity.
Why do I need 2FA?
Relying on passwords alone is risky. A rise in cybersecurity crime combined with weak passwords, or using similar passwords across multiple online accounts, makes it easier for hackers to gain access to a user’s accounts. The introduction of a second factor provides an additional way for us to verify a users identity.
Is 2FA Mandatory?
Yes. In line with regulation requirements, we are now rolling out mandatory 2FA for all users in a phased approach starting 23 March 2020 and we expect to complete the work by the end of April 2020. Your Customer Success Manager will have been in touch about this but please reach out to them directly if you have any questions.
Is 2FA mandatory for my customers (sub-account) level?
Yes. If you are a house account user with this permission enabled, you will be able to:
- View the 2FA status of any contacts in your sub-accounts
- Reset a user’s 2-step login details – this will delete the user’s existing registered details. This user will not be prompted to verify their identity upon next login but instead will be able to register again using a mobile phone number.
- Please note – always remember to verify a user’s identity before agreeing to reset their 2-step login.
Will my, or my customers, data be used for marketing purposes?
No. We will never use any data for marketing purposes without your consent.
Setting up 2FA
I didn’t receive a text message with instructions to download the app
Sometimes poor signal can result in SMS messages being delayed. Please check your reception and try again. On the confirmation screen, you can also check the mobile phone number you entered, just to make 100% sure it is correct. If the number’s correct and your signal is fine, you can always search for the app by typing “Authy” in the App Store (Apple) or Play Store (Android).
I don’t have an Apple or Android device
Users can download a Desktop app on a Windows or Apple computer by visiting: https://authy.com/download/. We are exploring introducing SMS verification in the future if we see enough demand from clients.
Can I use another authenticator app like Google Authenticator instead?
Not at this time, we believe Authy is the best app for the job. But this is something we’ll be monitoring demand for with a view to introducing in future.
I’m having problems setting up the Authy application
If you are experiencing difficulties downloading the Authy application, visit the Authy Help Centre for further assistance.
Logging in with 2FA
How often will I be asked to verify my identity
Every time you log into Currencycloud Direct from a device you haven’t used before, you will be asked to verify yourself using the Authy app. If you have ticked the “Remember this device for 15 days” option on the 2-step login page, we won’t ask you to verify on subsequent attempts over the next 15 days. After this time has lapsed, you will need to verify yourself using the 2-step login again.
I have 2FA set-up but wasn’t prompted for it when I logged in
Usually, this is because you will have selected the “Remember this device for 15 days” functionality on a previous log-in attempt. If you still think there may be issues with your 2FA, please contact your Account Manager directly.
I don’t have my phone with me
You need to have access to a device registered to receive your 2-factor authentication prompts in order to keep your account secure. The best thing to do is to enable Authy Multi-Device which allows multiple trusted devices to use the same Authy account. This will also help if you ever lose access to one of your devices. As a reminder, you should always make sure you are using the latest software version on all devices for maximum security. If you can’t access any of your devices and urgently need to access your account, please contact our support team.
I’ve lost my phone or have a new phone number
There are a number of options, the easiest being if you already have more than one device registered.
- If you have access to another registered device you can use it to manage your devices, including changing your phone number.
- If you have access to a new phone with the same number then you can restore your Authy account on your new phone by downloading the app.
- If you have a new phone number and don’t have another registered device, you can request to change your phone number.
Other problems using Authy.
For any other issues with Authy, you can find help here.