2-factor authentication (2FA) is essential to keeping your data safe. Learn how to improve cybersecurity, make sure your users can log in securely to Sage products, and get set up in 5 simple steps.
Users can choose from 3 different methods to receive their OTP. This verifies that users are who they say they are when logging into Sage products, helping to prevent fraudulent sign-in attempts.
SMS text: the OTP is sent to a user's mobile device.
Phone: the OTP is sent via voice to a user's mobile device or landline.
Users can set up 2FA quickly and easily, whichever option they choose to use.
Step 1: Go to https://account.sso.sage.com/mfa to log into your Sage product.
Step 2: Send an email from the 2FA section to get the set-up link.
Step 3: Scan a QR code from the authenticator app or enter a phone number to get a 6-digit code.
Step 4: Enter the 6-digit code and continue.
Step 5: Save the recovery code somewhere safe.
We recommend adding a secondary phone number or email address in case you are unable to access the device used for 2FA enrollment. You will be prompted to do so once 2FA setup is complete.
There were 5.6 billion annual malware attacks worldwide in 2020.1
The global average cost of a data breach is USD$3.86M.2
Credentials is the top category of compromised data in global SMB breaches.3
Nearly 40% of respondents never update their passwords.4
2FA is available for all Sage products and services that use Sage ID for account login. This includes, but is not limited to cloud products such as Sage Accounting, Sage Payroll, and Sage HR (via single sign-on/SSO) and connected services such as bank feeds and payments. We’re working to add 2FA to more products and services as we develop our solutions.
If you are not already taking advantage of 2FA security, you will soon be prompted to enrol in 2FA when you log into your Sage Account.
Sage supports most third-party authenticator apps, including Microsoft Authenticator, Twilio Authy, and Google Authenticator.
Users can download these apps from the App Store on iPhone or from Google Play on Android devices. Some authenticator apps are also supported for desktop use or via browser plugin.
After initial setup, the login process will have one added step requiring users to enter a one-time passcode provided via SMS text to their mobile device. It’s easy to flag a device as “trusted,” which will save the 2FA information for 30 days before requesting another passcode at login.
Once 2FA is set up, users will receive a recovery code. It’s really important that users save this recovery code somewhere safe and accessible. This code will be needed if they ever need to login but don’t have their devices with them to retrieve the one-time passcode.
No. Passcodes can only be used once. One-time passcodes with a time limit will expire after three to five minutes.
You can turn off 2FA at any time through Account Management.
Give Feedback
