Two Factor Authentication is an authentication method that requires your account credentials be verified by your login name and password in your web browser as well as a secondary platform that is not your browser. This is meant to further secure your account from would-be attackers.
Bitwage uses two-factor authentication to secure all account logins and distribution changes. This is a feature we felt was necessary to keep your account safe and your payrolls under your control.
We have 2 options for Two-Factor Authentication: SMS, and Google Authenticator
1. SMS
Bitwage by default sends an access code via SMS Text Message to your mobile phone.
Note, this method is less secure because a hacker can port your number away from your carrier by social engineering.
You can turn off SMS Text Messages under Settings, Security, 2- Factor Authentication. You must add Google or Bitwage Authenticator to turn off SMS.
2. Google Authenticator
Bitwage also supports Google Authenticator Google provides Android and iOS versions, and there also are Chrome Extensions, Windows, Linux, and OS X options available from third parties.
Google Authenticator uses a secret code to generate one-time passwords every 30 seconds, and is much more secure than SMS. We recommend all users disable SMS and use either Google Authenticator or our own native app-based solution.
Google Authenticator uses a secret code to generate one-time passwords every 30 seconds, and is much more secure than SMS. We recommend all users disable SMS and use either Google Authenticator or our own native TOTP app-based solution.
To set up Google Authenticator:
- Sign in to your account using SMS for 2-Factor authentication. If you cannot receive SMS messages, we can provide you with 10 backup codes to use.
- Navigate to “Settings” on the top right and then go to Security, 2-Factor authentication.
- Enable it under Google Authenticator (you will be prompted for a 2-Factor code again)
- You will now see a QR code as well as a secret code. We recommend you store this secret somewhere secure and install it on a TOTP generator such as Yubikey.
- Now that Google Authenticator is enabled and you have a way to generate 1-time passwords from the secret code, you can safely disable SMS.