Using an authenticator app to enable Multi-Factor Authentication (MFA) adds an additional layer of protection to your confidential company and tax information, as well as sensitive employee data. In the same way a candidate might be asked to provide a second form of ID to a job interview, you can make sure that anyone who logs in using your OnPay password is asked to provide a second means of identification — a unique 6-digit code that only you can access.
What we'll cover
- What is Multi-Factor Authentication?
- What if someone hacks into my authenticator?
- If asked to enable MFA when logging in
- Setting up MFA
- Logging in with MFA
- Disabling MFA
Share this security feature with your employees by sending them to this guide→
What is Multi-Factor Authentication?
Sometimes called Two-Factor Authentication (2FA), MFA gives OnPay a way to verify that you are you, and not just someone who's gained access to your OnPay password. It does this by way of a second password, a secret 6-digit code that's different every time, called an authentication code. This code is sent through a third party app called an authentication app.
Once you've downloaded set up an authenticator app, it will keep track of accounts (like OnPay) that require MFA at login. You may have other online accounts that support MFA at login. If so, you can use the same authenticator app to add security to those accounts, too.
What if someone hacks into my authenticator?
While authenticator apps provide pass codes to access online accounts, these codes alone are not enough to gain access to an online account. The 6-digit code provided by the authenticator app is a one-time use code that only works for about a minute, before it's replaced by a new code.
This means that if you haven't set up an authenticator app, and someone does gain access to your OnPay password, not only could they access your secure company and employee data, but they could also enable MFA using their own authenticator, and effectively lock you out of your own account. Set up MFA as soon as possible to ensure that it takes more than just your password to access your OnPay account information.
If asked to enable MFA when logging in
If you haven't already set it up for your account, you'll be prompted to choose how you'd like to generate your authentication code each time you log into OnPay.
- Download an Authenticator App (like Google Authenticator) to generate your own unique 6-digit code whenever you're ready to log in
- Choose Send Text Message to set up a mobile number where we can send a text message (SMS) with a 6-digit code whenever you log in
- You're able to skip for now, and set up MFA next time you log in*
- To enter different OnPay login credentials
*This may have already been enabled when setting up OnPay for the first time. If "remember me
**If you have already set up Multi-Factor Authentication for your OnPay account, and are being prompted to set it up again, click Return To Login and make sure you're logging in using the correct email and password, and are not using autofill. MFA is account specific, and enabling it for your account does not automatically require authentication for other users logging in.
If you "Skip for now"...
You will be prompted to set up Multi-Factor Authentication every time you log into OnPay until MFA is enabled. To avoid taking this extra step at each login, enable MFA and select Remember Me before submitting. This allows a trusted web browser to vouch for you for 30 days*.
If you've already enabled Multi-Factor Authentication
If MFA has already been enabled for your account, you'll be asked to enter a code after you've entered your email and OnPay password. If you have previously enabled MFA using one method, and wish to instead use another to authenticate your login, you can disable MFA (covered later↓) and then enable it again using your preferred method.
You can enable multi-factor authentication at any time in your OnPay profile, and may have even set it up when you first started with OnPay. MFA is recommended, but not required. You can disable MFA at any time by logging into OnPay and editing your profile.
Choose how often you're prompted to provide an authentication code:
- Remember you for 30 days*
- Require MFA upon each login (every time, no exceptions)
If Multi-Factor Authentication is not enabled, you will be prompted to set up MFA upon each login.**
*OnPay uses cookies to "remember you" at login.
**This security prompt can not be hidden or disabled.
Editing your profile
Where you edit your OnPay profile will depend on whether you're an accountant with clients using OnPay, or you work at a company that uses OnPay to pay its workers. We'll cover both workflows here. Select below which applies best to your role.
For accountants and OnPay Partner Program members
In your accountant dashboard, click on your profile photo, then Edit Profile.
Not an accountant? Try Editing your profile for owners and company administrators (next).
For owners and company administrators
Click on your profile in the upper right.
Click Edit Profile.
From your organization dashboard, click the hamburger in the top left corner.
Click Profile.
Here, you can edit your personal info, including name and email, add a recovery email, change your password, or add Multi-Factor Authentication (MFA) to your account.
Setting up MFA
Open the "MFA" section of your profile, and click Enable MFA.
Choose your MFA method:
*SMS text is only ot be used if you do not have access to a smartphone. Using SMS text for verification is fundamentally less secure than using an authenticator.
Setting up an MFA Authenticator
Click Authenticator App.
You'll see a 2D barcode called a QR code on your screen. Launch your authenticator app on your smartphone, and use its built-in camera to scan this QR code. (For phones running Android OS, you may need to download a QR reader)
Can't See A Barcode?
If for any reason you don't see a 2D barcode, or your device's camera isn't recognizing the QR barcode, you can click "Can't See A Barcode?" to view a typable code to enter into your authenticator app.
The authenticator app will generate a 6-digit code that is valid for a limited time. Enter this 6-digit in the "Verification Code" field, and click Submit.
Once the valid code has been entered, this authentication method is listed in the "MFA" section of your profile.
*Keep in mind that once MFA is enabled, you must have access to this authenticator app in order for you to generate this authentication code and log in.
If you chose Send Text Message:
If you don't own a smartphone, but have a mobile phone with SMS (text) messaging, you can still enable 2-factor authentication (2FA). This is not as secure as MFA with an authenticator app, so be sure to only use the SMS option if you don't own a smartphone.
Enter the mobile number where you can receive text messages* and click Submit.
Check your messages for a new text.
Enter the temporary 6-digit code on your phone, and click Submit Code.
Once the valid code has been entered, this phone number is listed in the "MFA" section of your profile.
Logging in with MFA (authenticator)
Once MFA is enabled with an authenticator app, OnPay will access the same 6-digit codes generated by the authenticator app installed on your device, and approve your access upon login.
Enter the verification code and click Submit Code.
Disabling MFA
If you change your mind about this added security, or just need to change the authentication method associated with your login, you can always disable MFA.
To do this, return to your profile and click Edit Profile.
Click the MFA tile, and click Disable. Once disabled, you can leave it off (not recommended), or enable again MFA using your preferred method.
v6.22 ps