search icon

Keep data secure with Sage two-factor authentication

Keep your data safe, your way with two-factor authentication (2FA). Learn how to improve cybersecurity, ensure your users can log in securely to Sage products, and get set up in 5 simple steps.

What is Sage 2FA?

It’s a simple way to protect your data from fraud and cyberattacks. When users log in to Sage, they can authorise access to their data with a one-time passcode (OTP), as well as their password. There are different methods of authentication that you can choose to use with Sage products.

3 ways to use 2FA

Users can choose from 3 ways to receive a one-time passcode (OTP). This will verify their details when they log into Sage products and help prevent fraudulent sign-in attempts: 

  • Authenticator app: the most secure option, recommended by Sage – a time-based OTP is generated by an authenticator app downloaded to the user’s mobile device or desktop. See how this works.

  • SMS text: the OTP is sent to a user's mobile device ​

  • Phone: the OTP is sent via voice to a mobile or landline

Set up 2FA in 5 simple steps

Users can set up 2FA quickly and easily, whichever option they choose to use.

Step 1: Log in to your Sage product and go to the Account Management area

Step 2: Send an email from the 2FA section to get the set-up link

Step 3: Enter phone number or scan a QR code from the authenticator app to get a 6-digit code

Step 4: Enter the 6-digit code and continue

Step 5: Save the recovery code somewhere safe

Protect your data with Sage 2FA

Phishing attempts, use of personal devices, and weak passwords can put your data at risk. 2FA adds an extra layer of authorisation when users log in to prevent third parties accessing data, even if a username or password has accidentally been shared.


There were 5.6 billion annual malware attacks worldwide in 2020.1


The global average cost of a data breach is USD$3.86M.2


Credentials is the top category of compromised data in global SMB breaches.3


Nearly 40% of respondents never update their passwords.4


2FA is available to set up within some Sage 200 tiers, Sage 100c, Sage 50c, Sage Payroll, Sage HR (via SSO), Sage Accounting, AutoEntry, and Sage X3. We’re working on adding 2FA to even more products as we develop our solutions.

Please contact your Sage product administrator if you have questions about the status of your Sage product.

Sage supports most third-party authenticator apps, including Microsoft Authenticator, Twilio Authy, and Google Authenticator.

Apple users can download the app from the App Store or from Google Play on Android devices. Or they can use the authenticator app from their desktop for authenticator apps that also offer a desktop version or a browser plugin.

After initial setup, the login process will have one added step requiring users to enter a one-time passcode provided via SMS text to their mobile device. It’s easy to flag a device as “trusted,” which will save the 2FA information for 30 days before requesting another passcode at login.

Once 2FA is set up, users will receive a recovery code. It’s really important that users save this recovery code somewhere safe and accessible, as they will need this code if they ever need to log in but don’t have their devices with them to retrieve the one-time passcode.

No. Passcodes can only be used once. One-time passcodes with a time limit will expire after three to five minutes.

You can turn off 2FA at any time by going into your account settings.

Ready to protect your data with 2FA?

Get step-by-step instructions on how to get started from our team of experts or enrol now.

Give Feedback