What is 2-factor authentication?
2-factor authentication, or 2FA, is a way of logging into websites that requires more than just a password. Using a password to log into a website is susceptible to security threats, because it represents a single piece of information a malicious person needs to acquire. The added security that 2FA provides is requiring additional information to sign in.
In Employment Hero's case, this additional information is an authentication code that is sent either as a text message (SMS) or via an authentication app. After 2FA is enabled, a unique authentication code is generated any time there is a sign-in attempt from an unrecognised device. The only way someone can sign into your account is if they know both your password and have access to the authentication code on your phone.
We strongly urge you to turn on 2FA for the safety of your account and your information. However, if you are an account owner, administrator, or user with access to other employees superannuation/tax information, you will be required to enable 2FA to access this information. This is due to the ATO's updated digital service provider Operational Framework. You can find more information here.
Who can use 2-factor authentication?
Employment Hero users on a Premium or Standard plan are able to use 2FA via an Authenticator app or SMS.
Employment Hero users on a Free plan will only be able to use 2FA via an Authentication app.
How can I enable 2-factor authentication?
To enable 2-factor authentication:
- In the upper-right corner of any page, click your profile photo
- Navigate to Account Security
- Scroll down to 2-Factor Authentication
- Click Setup
- Choose to authenticate either by Authenticator app or SMS
- Follow the on-screen instructions
- Save your recovery code, click Done
Note: your recovery code is used in the event that you lose your phone. Please store this code in a safe place.
What happens if I lose my phone for 2-factor authentication?
If you lose access to your 2-factor device, e.g. you lose your phone, you can still log in to your account. When prompted for your authentication code, enter your recovery code that was shown during the 2FA setup.
Once you’ve logged in to your account, you should re-configure 2-factor authentication with your new phone number.
What happens if I change my phone number?
If you change to a new phone number, you will need to disable 2-factor authentication and then re-enable 2FA using your new number.
What is an Authenticator app?
Rather than having a code sent to you via SMS when you sign in, an Authenticator app on your phone can be used to generate a code. This code can be entered in to Employment Hero the same way as with texted codes.
Authenticator apps do not have access to your Employment Hero account, nor your personal/sensitive information.
- Go to your phone’s App Store
- Search for “Authenticator app”
- Download an app (eg. Google Authenticator, Authy)