What is 2-factor authentication?
2-factor authentication, or 2FA, is a way of logging into websites that requires more than just a password. Using a password to log into a website is susceptible to security threats, because it represents a single piece of information a malicious person needs to acquire. The added security that 2FA provides is requiring additional information to sign in.
In Employment Hero's case, this additional information is an authentication code that is sent as a text message (SMS). After 2FA is enabled, Employment Hero generates a unique authentication code any time there is a sign-in attempt from an unrecognised device. The only way someone can sign into your account is if they know both your password and have access to the authentication code on your phone.
We strongly urge you to turn on 2FA for the safety of your account and your information. However, if you are an account owner, administrator, or manager with access to other employees superannuation/tax information, you will be required to enable 2FA to access this information. This is due to the ATO's updated digital service provider Operational Framework. You can find more information here.
Who can use 2-factor authentication?
Employment Hero users on a Premium or Standard subscription plan are able to use Employment Hero's 2FA feature.
How can I enable 2-factor authentication?
To enable 2-factor authentication:
- In the upper-right corner of any page, click your profile photo
- Navigate to Account Security
- Scroll down to 2-Factor Authentication
- Click Setup
- Enter your phone number, click Continue
- You will receive a text message with a verification code. Type the code in, click Continue
- Save your recovery code, click Done
Note: your recovery code is used in the event that you lose your phone. Please store this code in a safe place.
What happens if I lose my phone for 2-factor authentication?
If you lose access to your 2-factor device, e.g. you lose your phone, you can still log in to your account. When prompted for your authentication code, enter your recovery code that was shown during the 2FA setup.
Once you’ve logged in to your account, you should re-configure 2-factor authentication with your new phone number.
What happens if I change my phone number?
If you change to a new phone number, you will need to disable 2-factor authentication and then re-enable 2FA using your new number.