Two-factor authentication

Overview

Two-factor authentication is a method of computer access control that grants users access to their account after validating two criteria:

• Knowledge - represented by a security aspect the user has knowledge of, such as the username and password.
• Possession - represented by an item that only exists in the possession of that specific user, such as a smartphone, tablet, phone number, or email address.

Through two-factor authentication, users can access the 2Checkout Merchant Control Panel using their username, password, and a security token provided either by the Google Authenticator app or sent via email (associated with their Merchant Control Panel account).

For security reasons, master account users can enable two-factor authentication for their own accounts only via Google Authenticator.

2Checkout allows you to manage user access to specific features by creating and assigning user roles. This extra layer of security enables you to restrict access to the Merchant Control Panel to specific users, based on unique tokens.

Availability

All 2Checkout accounts.

Requirements

• Two-factor authentication through Google Authenticator requires a compatible mobile device running Android 2.3.3 or newer, or iOS 7.0 or newer.
• Two-factor authentication via email requires the user to have access to his or her email account.

Google Authenticator for Android

You can download the Google Authenticator app for Android here or by accessing Google Play Store from your Android device.

Google Authenticator for iOS

You can download the Google Authenticator app for iOS here or by accessing the App Store from your iOS device.

Two-factor authentication types

2Checkout supports two types of two-factor authentication:

• Two-factor authentication powered by Google Authenticator. Authentication codes are delivered through the Google Authenticator app for Android and iOS.
• Two-factor authentication via email. Particular cases where users do not have access to their smartphones, such as environments that adhere to a "clean desk" policy, require authentication codes to be sent via email. In these situations, two-factor enrollment is done by the master account. Users enrolled by the master account cannot disable two-factor authentication on their own.

Two-factor authentication via Google Authenticator

Enable two-factor authentication

Follow the steps below to enable two-factor authentication for your account.

1. Log in to the 2Checkout Merchant Control Panel.
2. Navigate to the Settings cogwheel in the upper right corner.
3. Click on My details.

4. Go to the Two-factor authentication tab.

5. Scan the QR code using your smart device or enter the Authentication secret in the Google Authenticator app. The app will provide an authentication code.

6. Enter the authentication code in the dedicated field in the 2Checkout Merchant Control Panel.

7. Click Activate.

From this point on, every login attempt will require an authentication code provided by Google Authenticator.

Disable two-factor authentication

Follow the steps below to disable two-factor authentication.

1. Login to the 2Checkout Control Panel.
2. Navigate to the Settings cogwheel in the upper right corner.
3. Click on My details.
4. Go to the Two-factor authentication tab.
5. Click Deactivate.

Two-factor authentication via email

Particular cases where users do not have access to their smartphones, such as environments that adhere to a "clean desk" policy, require authentication codes to be sent via email. In these situations, two-factor enrollment is done by the master account. Users enrolled by the master account cannot disable two-factor authentication on their own.

Follow the steps below to enable two-factor authentication via email.

1. Login to the 2Checkout Merchant Control Panel with a master account.
2. Navigate to the Settings cogwheel in the upper right corner.
3. Click on User management.
4. Identify the user you wish to enable two-factor authentication for and click Edit.
5. Check the Two-factor authentication by email option.
6. Click Save.

Once you enable two-factor authentication for a user, 2Checkout notifies them about the change and sends an authentication code to their email address each time a login attempt is detected.