Using Two-Factor Authentication (2FA)
Currencycloud has teamed up with Authy, built by Twilio, to provide a Two-factor authentication solution.
What is 2 Factor Authentication?
Two-factor authentication (or 2FA) is an extra layer of security to make sure someone trying to access their online account is who they say they are. In addition to providing information you know such as username and passwords (1st factor), you’ll also be asked to use something you have such as a smartphone (2nd factor) to confirm your identity.
Why do I need 2FA?
Relying on passwords alone is risky. A rise in cybersecurity crime combined with weak passwords, or using similar passwords across multiple online accounts, makes it easier for hackers to gain access to a user’s accounts. The introduction of a second factor that cannot be guessed, is the only way to remove this risk.
Setting up 2FA
I didn’t receive a text message with instructions to download the app
Sometimes poor signal can result in SMS messages being delayed. Please check your reception and try again. On the confirmation screen, you can also check the mobile phone number you entered, just to make 100% sure it is correct. If the number’s correct and your signal is fine, you can always search for the app by typing “Authy” in the App Store (Apple) or Play Store (Android).
I don’t have an Apple or Android device
Users can download a Desktop app on a Windows or Apple computer by visiting: https://authy.com/download/. We are exploring introducing SMS verification in the future if we see enough demand from clients.
Can I use another authenticator app like Google Authenticator instead?
Not at this time, we believe Authy is the best app for the job. But this is something we’ll be monitoring demand for with a view to introducing in future.
I’m having problems setting up the Authy application
If you are experiencing difficulties downloading the Authy application, visit the Authy Help Centre for further assistance.
Logging in with 2FA
How often will I be asked to verify my identity
Every time you log into Currencycloud Direct from a device you haven’t used before, you will be asked to verify yourself using the Authy app. If you have ticked the “Remember this device for 15 days” option on the 2-step login page, we won’t ask you to verify on subsequent attempts over the next 15 days. After this time has lapsed, you will need to verify yourself using the 2-step login again.
I have 2FA set-up but wasn’t prompted for it when I logged in
Usually, this is because you will have selected the “Remember this device for 15 days” functionality on a previous log-in attempt. If you still think there may be issues with your 2FA, please contact your Account Manager directly.
I don’t have my phone with me
You need to have access to a device registered to receive your 2-factor authentication prompts in order to keep your account secure. The best thing to do is to enable Authy Multi-Device which allows multiple trusted devices to use the same Authy account. This will also help if you ever lose access to one of your devices. If you can’t access any of your devices and urgently need to access your account, please contact our support team.
I’ve lost my phone or have a new phone number
There are a number of options, the easiest being if you already have more than one device registered.
- If you have access to another registered device you can use it to manage your devices, including changing your phone number.
- If you have access to a new phone with the same number then you can restore your Authy account on your new phone by downloading the app.
- If you have a new phone number and don’t have another registered device, you can request to change your phone number.
Managing 2FA at House-account level
Is 2FA Mandatory?
No. Initially, we will only be supporting 2FA as an optional functionality.
What does optional 2FA mean?
If an account is set up for optional 2FA, then a user will be able to turn 2FA on or off from their Profile page on Currencycloud Direct. Before making any changes, we’ll ask a user to confirm it’s them by entering their login details.
Managing 2FA at Sub-account level
If I am managing sub-accounts, can I still apply 2FA?
Yes, if you are a house account user with this permission enabled, you will be able to:
- View the 2FA status of any contacts in your sub-accounts
- Reset a user’s 2-step login details – this will delete the user’s existing registered details. This user will not be prompted to verify their identity upon next login but instead will be able to register again using a mobile phone number.
- Please note – always remember to verify a user’s identity before agreeing to reset their 2-step login.
Other problems using Authy.
For any other issues with Authy, you can find help here.