Two Factor Authentication is an authentication method that requires your account credentials be verified by your login name and password in your web browser as well as a secondary platform that is not your browser. This is meant to further secure your account from would-be attackers.
Bitwage uses two-factor authentication to secure all account logins and distribution changes. This is a feature we felt was necessary to keep your account safe and your payrolls under your control.
We have 2 options for Two-Factor Authentication: SMS, and Google Authenticator
1. SMS
![](https://support.bitwage.com/hubfs/Knowledge%20Base%20Import/lh4.googleusercontent.comQs5rUikSyNZ3m7qwojp4G_W7qV0T4l4iTjKL24nQPjb1eo9O2UBh4f1ss5ZruoNa8Rir9fsYnAtpQl_xYhqCoSOI7mLmkvwiskdEMShbT4z5bzegOO9hoJhB4Su.png)
Bitwage by default sends an access code via SMS Text Message to your mobile phone.
Note, this method is less secure because a hacker can port your number away from your carrier by social engineering.
You can turn off SMS Text Messages under Settings, Security, 2- Factor Authentication. You must add Google or Bitwage Authenticator to turn off SMS.
![](https://support.bitwage.com/hubfs/Knowledge%20Base%20Import/lh5.googleusercontent.comukokvy0jwvPGwBLP0sWE004IfvsTAPhZb-BsGDE_44-q0hO7yhlJT-4q5cBd4T2AiOf8cns7vP9iM-dGwjjpj0-CAzEYPUUANCABtyiUqIwzsB_azO8Cq0iWdms.png)
2. Google Authenticator
![](https://support.bitwage.com/hs-fs/hubfs/Knowledge%20Base%20Import/lh6.googleusercontent.comYYWMaRDu1EIyy26AydClUx5bWD8RKpcnEFNa3qzzx0sMExIQCV8fHkG1IKGSzhsgt3hadQ3KlhJdY0oY1fMWqfxlIe3nSnT7LjLItTDWsezEIrG8WZOT6lDAdZN.png?width=173&height=173&name=lh6.googleusercontent.comYYWMaRDu1EIyy26AydClUx5bWD8RKpcnEFNa3qzzx0sMExIQCV8fHkG1IKGSzhsgt3hadQ3KlhJdY0oY1fMWqfxlIe3nSnT7LjLItTDWsezEIrG8WZOT6lDAdZN.png)
Bitwage also supports Google Authenticator Google provides Android and iOS versions, and there also are Chrome Extensions, Windows, Linux, and OS X options available from third parties.
Google Authenticator uses a secret code to generate one-time passwords every 30 seconds, and is much more secure than SMS. We recommend all users disable SMS and use either Google Authenticator or our own native app-based solution.
Google Authenticator uses a secret code to generate one-time passwords every 30 seconds, and is much more secure than SMS. We recommend all users disable SMS and use either Google Authenticator or our own native TOTP app-based solution.
To set up Google Authenticator:
- Sign in to your account using SMS for 2-Factor authentication. If you cannot receive SMS messages, we can provide you with 10 backup codes to use.
- Navigate to “Settings” on the top right and then go to Security, 2-Factor authentication.
- Enable it under Google Authenticator (you will be prompted for a 2-Factor code again)
- You will now see a QR code as well as a secret code. We recommend you store this secret somewhere secure and install it on a TOTP generator such as Yubikey.
- Now that Google Authenticator is enabled and you have a way to generate 1-time passwords from the secret code, you can safely disable SMS.