Overview
Two-factor authentication (2FA) allows you to protect your gateway account against unwanted logins by using a second device to authenticate you are the person using your account credentials. Using a trusted app on your smartphone, you can verify your identity when logging into the control panel. We highly recommend the use of this feature, as it vastly improves the security of your users.
Prerequisites
Merchants - in the Merchant Portal, on the left side panel → click on 'Options' → 'Settings' → under 'General Options' click on 'Two-factor authentication'; or from the homepage under 'Utilities' → click on 'Settings' → under 'General Options' click on 'Two-factor authentication'.
For merchant users who do not have the 'Access Administrative Options' permission can still set their Two-factor authentication by going to the top right-hand corner of their Merchant Portal → click on 'My Settings' → Two-Factor Auth:
Partners - the merchant user must log in directly via their Merchant Portal to set their Two-factor authentication.
If your merchant needs their 2FA disabled due to them not having access to their Google Authenticator and Authy codes, please see: How to disable Merchants Two-Factor Authentication.
Two-Factor Authentication
Two-factor authentication is considered a more secure way to protect an account. While merchant accounts cannot access multiple sub-accounts, merchant users still have an extensive amount of access to information and abilities. 2FA is recommended for merchant accounts to help reduce the risks of their user information being captured and used by a malicious third party.
Administrative users are an obvious target as they have many extra abilities, however, all individuals with access should consider using 2FA. For example, an attacker who obtains credentials for a merchant user who only has access to the Virtual Terminal could potentially spam the merchant account with thousands of fraudulent transactions, leaving the merchant on the hook for any incurred fees and other issues that arise.
The attached brandable guide "Two-Factor Auth - Merchant Setup.docx" walks configuring 2FA for merchant users: