search icon

Keep data secure with Sage 2-factor authentication

2-factor authentication (2FA) is essential to keeping your data safe. Learn how to improve cybersecurity, make sure your users can log in securely to Sage products, and get set up in 5 simple steps.

What is Sage 2FA?

It’s a simple way to protect your data from fraud and cyberattacks. When users log in to Sage, they can authorise access to their data with a one-time passcode (OTP), as well as their password. There are different methods of authentication that you can choose to use with Sage products.

3 ways to use 2FA

Users can choose from 3 different methods to receive their OTP. This verifies that users are who they say they are when logging into Sage products, helping to prevent fraudulent sign-in attempts.

Authenticator app: the most secure option, recommended by Sage—a time-based OTP is generated by an authenticator app downloaded to the user’s mobile device or desktop.

SMS text: the OTP is sent to a user's mobile device.

Phone: the OTP is sent via voice to a user's mobile device or landline.

Set up 2FA in 5 simple steps

Users can set up 2FA quickly and easily, whichever option they choose to use.

Step 1: Go to to log into your Sage product.

Step 2: Send an email from the 2FA section to get the set-up link.

Step 3: Scan a QR code from the authenticator app or enter a phone number to get a 6-digit code.

Step 4: Enter the 6-digit code and continue.

Step 5: Save the recovery code somewhere safe.

We recommend adding a secondary phone number or email address in case you are unable to access the device used for 2FA enrollment. You will be prompted to do so once 2FA setup is complete. 

Protect your data with Sage 2FA

Phishing attempts, use of personal devices, and weak passwords can put your data at risk. 2FA adds an extra layer of authorisation when users log in to prevent third parties accessing data, even if a username or password has accidentally been shared.


There were 5.6 billion annual malware attacks worldwide in 2020.1


The global average cost of a data breach is USD$3.86M.2


Credentials is the top category of compromised data in global SMB breaches.3


Nearly 40% of respondents never update their passwords.4


2FA is available for all Sage products and services that use Sage ID for account login.  This includes, but is not limited to cloud products such as Sage Accounting, Sage Payroll, and Sage HR (via single sign-on/SSO) and connected services such as bank feeds and payments. We’re working to add 2FA to more products and services as we develop our solutions.  

If you are not already taking advantage of 2FA security, you will soon be prompted to enrol in 2FA when you log into your Sage Account. 

Sage supports most third-party authenticator apps, including Microsoft Authenticator, Twilio Authy, and Google Authenticator.

Users can download these apps from the App Store on iPhone or from Google Play on Android devices. Some authenticator apps are also supported for desktop use or via browser plugin. 

After initial setup, the login process will have one added step requiring users to enter a one-time passcode provided via SMS text to their mobile device. It’s easy to flag a device as “trusted,” which will save the 2FA information for 30 days before requesting another passcode at login.

Once 2FA is set up, users will receive a recovery code. It’s really important that users save this recovery code somewhere safe and accessible. This code will be needed if they ever need to login but don’t have their devices with them to retrieve the one-time passcode.

No. Passcodes can only be used once. One-time passcodes with a time limit will expire after three to five minutes.

You can turn off 2FA at any time through Account Management.

Please visit the Support Centre for your region.

Ready to protect your data with 2FA?

Get step-by-step instructions on how to get started from our team of experts or enrol now.

Give Feedback