This article provides an overview of two-step sign in, how to configure it within your GoCardless account, the recovery process, as well as answers to some of the commonly asked questions.
What is two-step sign in?
Two step sign in, also known as Multi Factor Authentication (MFA) or two step verification, enables GoCardless to identify who the user account is by using something you know (your password) and something that you have (either the MFA code from the authenticator app or SMS code we send to your phone).
This enables us to verify it is you who is logging in to your user account and access GoCardless. It is really important that you do not share your account login credentials with anyone and we recommend you take a look at keeping your account secure.
How to enable two-step sign in on your GoCardless account
You can enable Two step sign in by logging into your account and accessing your settings page. GoCardless offers either an Authenticator app or SMS option for your two-step sign in method.
Enabling an authenticator app
1. Scroll to the Two-step sign in section and click the toggle on the right to enable it.
2. Open the authenticator app that you would like to use, this could be on your phone or on your laptop.
3. Follow the instructions given by your chosen app to scan the QR code or enter the secret key
4. The app should give you a six digit code which you need to enter into the provided field, then click confirm
Enabling the SMS method
1. Scroll to the Two-step sign in section and click the toggle on the right to enable it.
2. Enter your mobile phone number in the dialog window and click Confirm
This will send an SMS (text message) to your phone with a code.
3. Enter the code you received and click Confirm
Done! You have Two-step sign in enabled for your account.
How to disable two-step sign in on your GoCardless account
You can disable Two-step sign in by logging into your account and accessing your settings page.
1. Scroll to the Two-step sign in section and click the toggle to disable it.
2. You will be prompted for password confirmation...
Enter the password for your account user and click Disable
A confirmation box will appear to confirm your two-step sign in has been disabled.
Done! You have disabled Two-step sign in for your account. Your settings should now look like this:
How to recover your account
Please email our Support team at help@gocardless.com using the email address connected to your GoCardless account.
Frequently asked questions
How often will I need to complete the two-step sign in process to access my account?
The two-step sign in process will reset every 14 calendar days if you select the "Trust device for 14 days" option when entering the verification code. However, if at any point you select the sign out option from the settings menu, you will be required to go through two-step sign in when you next login to GoCardless.
Am I required to enable two-step sign in on my account?
We strongly recommend that you enable two-step sign in so that you have greater account protections.
Do all users on my account have their own two-step sign in?
Yes. If enabled, all users use their own device to complete the secondary authentication step when signing in.
As an administrator of my account, can I ensure that all users have two-step sign in enabled?
At present, you would need to oversee that this measure is implemented with all users of your organisation as required. In the future, as an organisation administrator, you will be able to enforce that all users within your organisation have two-step sign in enabled.
What happens if I lose my phone?
You will need to follow the recovery process outlined in How to disable two-step sign in on your GoCardless account section above.
We recommend that you use the authenticator app as your primary method for two step sign in / Multi Factor Authentication (MFA).
If you can no longer access your GoCardless account at all, please see this guide on initiating recovery.