search icon

Keep data secure with Sage 2-factor authentication

2-factor authentication (2FA) is essential to keeping your data safe. Learn how to improve cyber security, make sure you can log in securely to Sage products, and get set up in 6 simple steps. 

Need support with 2FA set up? Follow these simple steps.

Need support with 2FA log in? Contact support.

Protect your data with Sage 2FA

Phishing attempts, use of personal devices, and weak passwords can put your data at risk. 2FA adds an extra layer of authorisation when users log in to prevent third parties accessing data, even if a username or password has accidentally been shared.


There were 5.6 billion annual malware attacks worldwide in 2020.1


The global average cost of a data breach is USD$3.86M.2


Credentials is the top category of compromised data in global SMB breaches.3


Nearly 40% of respondents never update their passwords.4

What is Sage 2FA?

It’s a simple way to protect your data from fraud and cyberattacks. 2-factor authentication adds extra security to your Sage account. Every time you log in, you’ll be given a 6-digit code to verify that it’s you.

Ways to get a 6-digit code

You can choose from 3 different methods. This verifies that users are who they say they are when logging into Sage products, helping to prevent fraudulent sign-in attempts.

Authenticator app: the most secure option, recommended by Sage—a time-based code is generated by an authenticator app (Microsoft Authenticator, Twilio Authy, and Google Authenticator) downloaded to the user’s mobile device, tablet or desktop. 

This is a reliable option if you are a frequent traveller. You can access a code using WiFi, even if your phone doesn't have any reception.

SMS text: the code is sent to your mobile device.

Phone: the code is sent via voice to a your mobile device or landline (depending on the number you have provided).

Set up 2FA in 6 simple steps

Step 1: Once you have decided how you want to receive your code (authenticator app, or text or phone), keep your phone/device close to you.

Step 2: Go to to log into Account Management.

Step 3: Select 2-factor authentication and click send email to get the set-up link.

Step 4: Scan the QR code from the authenticator app or enter a phone number to get a 6-digit code.

Step 5: Enter the 6-digit code and continue.

Step 6: Save the recovery code somewhere safe.

We recommend adding a secondary phone number or email address in case you are unable to access the device used for 2FA set-up. You will be prompted to do so once 2FA set-up is complete.


2FA is available for all Sage products and services that use Sage ID for account login.

Sage will be automatically enabling and mandating 2FA for users who log in directly to Sage products soon.
Auto-enablement and mandate dates vary by product. 

When your product is due to be mandated, you’ll receive notice before this goes into effect. 
Once you have set 2FA up it will work across all products you have access to using your Sage Account.

Sage supports most third-party authenticator apps, including Microsoft Authenticator, Twilio Authy, and Google Authenticator.

You can download any of these apps from the App Store on iPhone or Google Play on Android devices. Or you can use the authenticator app from your desktop/tablet with browser plugin.

After initial set-up, the login process will have one added step requiring you to enter a 6-digit code provided via authenticator app, SMS text, or phone call to your device. It’s easy to flag a device as 'trusted', which will save the 2FA information for 30 days before requesting another code at login.

Once 2FA is set up, you will receive a recovery code. It’s really important that users save this recovery code somewhere safe and accessible. This code will be required if you ever need to login but don’t have your devices with you to retrieve the code.

No, a code can only be used once. A 6-digit code will expire after three to five minutes.

Please view this support article or visit the Support Centre for your region.
Some Sage products require that you use 2FA to log in. In the future, all products will require you to set it up.
A recovery method is your last resort to logging in when you have lost your 2FA device and your recovery code. It can either be a phone number or an email address. If you need to log in and you don't have any other option available, we will send you a code to your recovery method so that you can log in or remove 2FA altogether.

Ready to protect your data with 2FA?

Get step-by-step instructions on how to get started from our team of experts or enrol now.

Give Feedback