Overview
Two-Factor Authentication (2FA) is one of the most effective ways to protect your merchants’ accounts from unauthorized access. As an affiliate partner, you play a key role in helping merchants understand its value and get it set up correctly.
With 2FA, users verify their identity using both their password and a trusted mobile device via an authenticator app (Google Authenticator). This added security layer protects against stolen credentials and prevents malicious access.
Encourage your merchants to enable 2FA — it’s a simple step that greatly reduces risk.
Key Benefits for Merchants
When you’re explaining 2FA to merchants, highlight the following advantages:
- Stronger Account Security: Protects against credential theft and unauthorized access.
- No More Password Expiration: Merchants who use 2FA don’t need to reset their password every 90 days.
- Skip Device Recognition: Once 2FA is active, users won’t be prompted to verify trusted devices repeatedly.
- Prevention of Abuse: Even limited-access users (e.g., Virtual Terminal only) can be exploited without 2FA.
- Administrative Protection: Admins have elevated permissions — they’re prime targets and need extra safeguards.
How Merchants Can Access 2FA
Option 1
- Sign in to the Merchant Portal
- In the top right-hand corner, click My Settings
- Click on Two-Factor Auth and follow the setup instructions
Option 2
- Sign in to the Merchant Portal
- In the left-hand navigation panel, click Options
- Click on Two-Factor Auth
✅ Reminder for Partners: Merchants must log in directly to their own Merchant Portal to enable 2FA — this can’t be done on their behalf.
How to Set Up Two-Factor Authentication
Use these instructions to walk a merchant through configuring 2FA with Google Authenticator:
-
Download the Google Authenticator App:
- iOS – App Store
-
Android – Play Store
Or have them search for “Google Authenticator” in their device’s app store.
-
Access the 2FA Setup Screen
- Log in to the Merchant Portal.
- Click My Settings in the top-right corner.
- Select Two-Factor Auth.
- This screen will display a unique QR code for configuration.
-
Add Account to the Google Authenticator App
- Open the Google Authenticator app.
- Tap the “+” button to add a new key.
- Choose “Scan a barcode.”
- Use the phone’s camera to scan the QR code shown on the Merchant Portal screen.
-
Enter the 6-Digit Code on the Screen
- Once scanned, a new 6-digit code will appear in the app, cycling every 30 seconds.
- Enter the current 6-digit code into the “6-Digit Auth Code” field on the setup screen.
- Click Authenticate.
-
Confirmation
- The screen will confirm that 2FA has been successfully configured.
How It Works During Login
- The user logs in with their username and password.
- They’ll be prompted to enter a code from the Google Authenticator app.
- Enter the active 6-digit code to complete login.
⚠️ Note: Codes refresh every 30 seconds. A countdown bar and red warning appear as codes near expiration. Expired or incorrect codes will return "Authentication Failed."
What If the Merchant Loses Access to Their Authenticator App?
If a merchant no longer has access to their 2FA codes (e.g., lost phone, uninstalled app), refer to this article: “How to Disable Merchant Two-Factor Authentication”
This resource will guide you on how to handle the issue and assist the merchant in regaining access.
Need a Shareable Guide for Your Merchant?
We’ve attached a brandable walkthrough.
Use it as a step-by-step reference or send it directly to your merchant contacts.