Keep your data safe, your way, with two-factor authentication (2FA). Learn how to improve cybersecurity, make sure your users can log in securely to Sage products and get set up in five simple steps.
It’s a simple way to protect your data from fraud and cyberattacks. When users log in to Sage, they can authorise access to their data with a one-time passcode (OTP), as well as their password. There are different methods of authentication that you can choose to use with Sage products.
Users can choose from three ways to receive a one-time passcode (OTP). This will verify their details when they log in to Sage products and help prevent fraudulent sign-in attempts:
Authenticator app: the most secure option, recommended by Sage - a time-based OTP is generated by an authenticator app downloaded to the user’s mobile device or desktop. See how this works.
SMS text: the OTP is sent to a user's mobile device
Phone: the OTP is sent via voice to a mobile or landline
Users can set up 2FA quickly and easily, whichever option they choose to use.
Step 1: Log in to your Sage product and go to the Account Management area
Step 2: Send an email from the 2FA section to get the set-up link
Step 3: Enter phone number or scan a QR code from the authenticator app to get a 6-digit code
Step 4: Enter the 6-digit code and continue
Step 5: Save the recovery code somewhere safe
There were 5.6 billion annual malware attacks worldwide in 2020.1
The global average cost of a data breach is USD$3.86M.2
Credentials is the top category of compromised data in global SMB breaches.3
Nearly 40% of respondents never update their passwords.4
2FA is available to set up within some Sage 200 tiers, Sage 100c, Sage 50c, Sage Payroll, Sage HR, Sage Accounting, AutoEntry, and Sage X3. We’re working on adding 2FA to even more products as we develop our solutions.
Please contact your Sage product administrator if you have questions about the status of your Sage product.
Sage supports most third-party authenticator apps, including Microsoft Authenticator, Twilio Authy, and Google Authenticator.
Users can download the app from the App Store on iPhones or from Google Play on Android phones. Or they can use the authenticator app from their desktop for authenticator apps that also offer a desktop version or a browser plugin.
After initial setup, the login process will have one added step requiring users to enter a one-time passcode provided via SMS text to their mobile device. It’s easy to flag a device as “trusted,” which will save the 2FA information for 30 days before requesting another passcode at login.
Once 2FA is set up, users will receive a recovery code. It’s really important that users save this recovery code somewhere safe and accessible, as they will need this code if they ever need to login but don’t have their devices with them to retrieve the one-time passcode.
No. Passcodes can only be used once. One-time passcodes with a time limit will expire after three to five minutes.
You can turn off 2FA at any time by going into your account settings.
Give Feedback