Device Recognition introduces a new security methodology that requires users to present a one-time passcode that is emailed to them as a second factor of authentication in addition to their username and password credentials.
Device Recognition improves the security of users and greatly reduces account takeover attempts where the username and password credentials are compromised by requiring the one-time passcode that is emailed to the email linked to the username.
Q: I did not receive an email with the one-time passcode. What should I do?
A: There can be a couple of factors as to why you did not receive the email. First, check the Device Recognition page to ensure the email we have on file matches your email address as per the image below.
If the email does not match, please reach out to your primary/admin user to ensure your email is updated.
If the email does match and the email has not landed in your junk/spam folder, please reach out to your IT Support team to ensure there are no firewall/email rules that are blocking these emails.
Q: I share my username with multiple people in my organization and this is causing multiple emails to an inbox we do not have access to. What should I do?
A: Account sharing is not allowed and is against security best practices. You will need to reach out to your primary/admin user to have a unique username created that is linked to your own unique email address so that you can receive these one-time passcodes.
Q: I keep getting prompted for the one-time passcode each time I log in and this is disrupting my business. What can I do?
A: The next time you get prompted to enter your one-time passcode, you can check the "Remember this device for 30 days" box. This creates a cookie using your browser and device and will remember your setup for 30 days without the need to re-enter the code upon each login attempt. After 30 days you will be prompted to enter a new one-time passcode.
Note - check your browser's cookie settings. If the browser is set to clear cookies every 24 hours rather than every 30 days, you will have to enter your one-time passcode every time the 24-hour mark passes.
Q: I copied the code from the email and received an authentication failed message. What should I do?
A: Enter the passcode manually rather than copy and paste it. Some email clients can include invisible non-ASCII characters that can be copied over and introduce issues when trying to authenticate.
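Added example, not part of the original FAQ or the gateway's own code: one way a login form's back end can tolerate the invisible characters described above, by stripping them from the submitted passcode before comparing it. The six-digit length and the function names are assumptions, and the sample input is constructed.

```python
import hmac
import unicodedata

PASSCODE_LENGTH = 6  # assumption: the page does not state the code length


def normalize_passcode(raw):
    """Return (code, removed): cleaned passcode and the code points dropped."""
    kept, removed = [], []
    for ch in raw:
        cat = unicodedata.category(ch)
        # Cf = invisible format chars (zero-width space, BOM, bidi marks),
        # Cc = control chars (tab, newline), Z* = spaces and separators.
        if cat in ("Cf", "Cc") or cat.startswith("Z"):
            removed.append("U+%04X" % ord(ch))
        else:
            # NFKC folds compatibility forms (e.g. fullwidth digits) to ASCII.
            kept.append(unicodedata.normalize("NFKC", ch))
    return "".join(kept), removed


def verify_passcode(submitted, expected):
    """Compare a pasted passcode with the issued one; returns (ok, removed)."""
    code, removed = normalize_passcode(submitted)
    # Accept only exactly N ASCII digits after clean-up, so normalization
    # never widens what counts as a valid passcode.
    well_formed = (len(code) == PASSCODE_LENGTH
                   and code.isascii() and code.isdigit())
    # Constant-time comparison avoids leaking matching prefixes via timing.
    ok = well_formed and hmac.compare_digest(code.encode(), expected.encode())
    return ok, removed


if __name__ == "__main__":
    # Constructed sample: a code pasted from an email client that added a
    # zero-width space, a no-break space and a byte-order mark.
    pasted = "\u200b123\u00a0456\ufeff"
    print(verify_passcode(pasted, "123456"))
```

The list of removed code points can be logged (without the passcode itself) so support staff can see when a failed login was caused by pasted formatting characters.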
Q: What if a different user logs into the same device as another user? Ex: UserA logs into a device and gets a code and all is good. UserB logs into the same device, gets a code, and all is good. UserA logs into the same device again, and gets a code even though previously the user had checked the 30 days box.
A: Device Recognition only remembers the last user who clicked "Remember me" on that device, so the users would keep getting the notification back and forth.
Q: What if a merchant or partner is sharing usernames and passwords (not recommended) but logging in on different devices?
A: Device Recognition will remember each user's workstation.
Q: What if a merchant keeps entering the new code and continuously gets 'Authentication Failed'?
A: The authentication error can occur when the user is logging in from a bookmarked login page. Have the user open a fresh browser window and log in by entering the URL. Once the user is logged in using the Device Recognition code, they should be able to save their login page to use moving forward.
Q: Are there any alternatives to Device Recognition?
A: There are two alternatives:
- App-based Two-Factor Authentication (2FA) supersedes Device Recognition. Two-factor authentication allows you to protect your gateway account against unwanted logins by using a second device to confirm that you are the person using your account credentials. Using a trusted app on your smartphone, you can verify your identity when logging into the control panel. Learn how to enable Two-Factor Authentication.
- IP Restrictions also supersede Device Recognition. IP Restrictions allow you to protect your gateway account against unwanted logins by restricting the IP addresses that have access to the gateway account. Learn more about Merchant Gateway IP Restrictions here.