Two-factor authentication (2FA)
Written by Rebecca Russell
Updated this week

1️⃣ What is two-factor authentication?

Two-factor authentication (2FA) adds an extra level of security to your PayFit account.

When you log in to your account, in addition to your usual credentials (email and password), you'll be asked to enter a verification code. This code, shown in your authenticator app or received by SMS, must be entered at each new connection or if you close your Internet browser. You can, however, choose to remember the device for 30 days.

PayFit offers three methods of two-factor authentication:

  • One-Time Password (OTP), using an authenticator app such as Google Authenticator or Okta.

  • SMS, sent to the phone number you'll enter when activating the feature.

  • Email, sent to the login email address used for your PayFit account.

Note: Two-factor authentication via email is enabled by default. You won't see this option within your account settings unless you've enabled a second factor (SMS or OTP). Once a second factor has been activated, a new section appears in your account settings showing the two backup methods:

  • Recovery code

  • Email backup method

It's possible to deactivate this advanced security feature, but for security reasons, we strongly recommend that you keep it on.

2️⃣ How to set up two-factor authentication?

Choose one of the options below. Once you've set up a second factor, you can refer to Section 5️⃣ to set up biometric authentication too.

Set up SMS two-factor authentication

  1. If you're an admin, from the bottom-left, click your company name, Personal settings, then the Login & Security tab.

    If you're an employee or a manager, from the bottom-left, click your name, then Personal settings.

  2. Under the Two-factor Authentication section, next to SMS, click Add.

  3. To enable the feature, enter your password, then click Continue.

  4. Enter your area code and your phone number, then click Confirm.

  5. A verification code will be sent to the number indicated.

  6. Enter the code and click Confirm.

    If this is your first enrolment, you'll be asked to note down your recovery code. This is a long string of digits that you can use later to unlink your phone number if you're unable to receive an SMS. It's important that you keep this code in a secure location.

  7. Tick the box to confirm you've stored the code securely, then click Continue.

  8. Finally, click Confirm.

Set up One-Time Password (OTP) two-factor authentication

  1. If you're an admin, from the bottom-left, click your company name, Personal settings, then the Login & Security tab.

    If you're an employee or a manager, from the bottom-left, click your name, then Personal settings.

  2. Under the Two-factor Authentication section, next to One-time password, click Add.

  3. To enable the feature, enter your password, then click Continue.

  4. Scan the QR code using your two-factor authentication app.

  5. Enter the code presented in your two-factor authentication app into PayFit.

  6. Click Continue.

    If this is your first enrolment, you'll be asked to note down your recovery code. This is a long string of digits that you can use later to unlink the authenticator app if you're unable to access it. It's important that you keep this code in a secure location.

  7. Tick the box to confirm you've stored the code securely, then click Continue.

3️⃣ How do I log in with two-factor authentication?

To log into your PayFit Administrator account, follow these steps:

  1. After entering your email address and password, you'll be prompted to enter your verification code.

  2. Enter the code you received either via SMS or on your authenticator app.

  3. Click Continue to log in.

4️⃣ How to disable two-factor authentication?

Note: For security reasons, we strongly recommend that you keep two-factor authentication enabled.

  1. If you're an admin, from the bottom-left, click your company name, Personal settings, then the Login & Security tab.

    If you're an employee or a manager, from the bottom-left, click your name, then Personal settings.

  2. Under the Two-factor authentication section, next to the authentication method you have set up, click Remove.

  3. To proceed, enter your password.

  4. Enter the code, either received via SMS or on your authenticator app.

  5. Click Continue.

Tip: If you want to re-enable two-factor authentication later, follow the instructions in the 2️⃣ How to set up two-factor authentication? section.

5️⃣ How do I enable biometric authentication?

If your device supports biometric authentication, you can use this method to log into your account (using fingerprint, facial recognition, or Windows Hello features).

Note: This option is only available once you've enabled SMS or OTP authentication on your account.

To activate biometric authentication:

  1. First, log in to your PayFit account, enter your password, and validate your second authentication factor (SMS or OTP).

  2. You'll then be prompted to Use fingerprint or face recognition to login.

  3. Click Continue. You might be asked to select the profile to use (only one will appear).

  4. Click Continue again.

  5. You'll be asked to validate your biometry, e.g., scan your fingerprint, to complete the activation.

If you previously skipped the biometry activation by selecting Not on this device, you can clear your browsing history and cookies, or use a private browsing session, to be prompted again to set this up. If you clicked Remind me later instead, the prompt will appear again the next time you log in.

Note: If you can’t use the method prompted by default (for example, you don’t have access to your phone), you can click Other Methods to use the alternative methods you've activated (SMS or OTP), or the backup methods (email or recovery code).

Troubleshooting login issues

How can I improve the security of my PayFit account?

For even more security, you can change your password to make it more complex.

I forgot my password

  1. From the login page, click Reset password.

  2. You'll receive an email with a link to reset your password.

  3. Click the link, then follow the on-screen instructions to reset your password.

If you don't receive the email, check that you’re using the correct email account and check your junk or spam folders.

If you don't have access to the mailbox because it's inactive or a shared mailbox, please reach out to your IT department for access to this mailbox.

If you're still unable to log in, please refer to the I still can't log in section below.

I used the wrong password too many times

Once you've entered the incorrect password and locked your account, you'll receive an email from PayFit with a link to unlock your account. If you don't receive the email, check that you're using the email account linked to your PayFit login, and check your spam or junk folders too.

If you're still unable to log in, please refer to the I still can't log in section below.

I can't use the registered device

If you have a new number, a new device, or the phone number is wrong, please refer to the I still can't log in section below.

If the number now belongs to someone else, please reach out to see if your administrator can grant you access to the phone or to collect the verification code.

If you're still unable to log in, please refer to the I still can't log in section below.

I don't receive the SMS

Tip: All text messages are sent to the initially registered phone.

First, please click Resend code. Sometimes carriers might have a temporary issue delivering messages.

If that doesn't work, check to see if your device’s SMS inbox is full. If possible, delete any unnecessary messages, then click Text me with a new code.

If you still don't receive the text, you'll need to use a backup method. To do this, click Try another method, and choose one of the following options:

  • Email: You'll receive an email to the registered email address with a verification code.

  • SMS: If activated, you'll receive a text message with the verification code.

  • One-Time Password: If activated, use the generated code on your authenticator app (Google Authenticator, Authy, etc.).

  • One-Time Recovery code: This is the code you noted when you first set up 2FA.

If you're still unable to log in, please refer to the I still can't log in section below.

I have issues with my Authenticator app

Check that your device has the correct date and time. If your date and time are out of sync, for example, set to the wrong timezone, you'll need to correct them. An incorrect date and time on your device causes your generated codes to be out of sync.

If it's still blocked, you'll need to use a backup method. To do this, click Try another method, and choose one of the following options:

  • Email: You'll receive an email to the registered email address with a verification code.

  • SMS: If activated, you'll receive a text message with the verification code.

  • One-Time Password: If activated, use the generated code on your authenticator app (Google Authenticator, Authy, etc.).

  • Recovery code: This is the code you noted when you first set up 2FA.

If you're still unable to log in, please refer to the I still can't log in section below.
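
Why a wrong device clock breaks authenticator codes, shown as an added example (not PayFit's code): time-based codes of the kind authenticator apps generate (TOTP, RFC 6238) are derived from a shared secret and the current 30-second time step, so a device whose clock is off computes a code for a different step. The secret, the timestamps, the `check_device` helper and the verifier's tolerance of one step either side are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per code, the RFC 6238 default
DIGITS = 6   # code length shown by typical authenticator apps

def hotp(key: bytes, counter: int) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, dynamically truncated."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def totp(key: bytes, unix_time: int) -> str:
    """RFC 6238 TOTP: the counter is the number of 30-second steps since the epoch."""
    return hotp(key, int(unix_time) // STEP)

def verify(key: bytes, submitted: str, server_time: int, window: int = 1):
    """Return the step drift at which the code matches, or None if rejected.

    window=1 (accept one step either side) is an assumed server policy.
    """
    now = int(server_time) // STEP
    for drift in sorted(range(-window, window + 1), key=abs):
        if now + drift < 0:
            continue
        if hmac.compare_digest(hotp(key, now + drift), submitted):
            return drift
    return None

# Constructed sample data: the RFC 6238 test secret and an arbitrary server time.
KEY = b"12345678901234567890"
SERVER_NOW = 1_700_000_010  # exactly on a step boundary

def check_device(clock_error_seconds: int):
    """Simulate a device whose clock is off by the given number of seconds."""
    code = totp(KEY, SERVER_NOW + clock_error_seconds)
    return verify(KEY, code, SERVER_NOW)

if __name__ == "__main__":
    for error in (0, -20, -3600):
        result = check_device(error)
        status = "rejected" if result is None else f"accepted (drift {result:+d})"
        print(f"device clock off by {error:>6}s -> {status}")
```

A small error still lands within the tolerated neighbouring step, while a clock that is an hour off produces a code for a step the verifier never checks, which is why correcting the device's date and time resolves the problem.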

I have issues with Biometry

You'll need to use a backup method. To do this, click Try another method, and choose one of the following options:

  • Email: You'll receive an email to the registered email address with a verification code.

  • SMS: If activated, you'll receive a text message with the verification code.

  • One-Time Password: If activated, use the generated code on your authenticator app (Google Authenticator, Authy, etc.).

  • Recovery code: This is the code you noted when you first set up 2FA.

If you're still unable to log in, please refer to the I still can't log in section below.

I still can't log in

If you're an employee or a manager, please contact your payroll department, who can verify your identity, and send a request through to us.

If you're not able to contact your payroll department, please email en-support-mfa@payfit.com with your name. You'll be sent a link to a third-party authentication service to verify your identity so we can resolve your login issues.

If you're an admin, please contact us via the Help Centre, with the name and email address of the user.
