We recently rolled out a 2FA (Two-factor authentication) on your Mercury online account as an optional feature.
As of 13th April 2020, this will become a requirement for all users and we will be rolling this out in phases to users between 13th April and 24th April.
Why are we making it necessary?
Two-factor authentication (or 2FA) is an extra layer of security to make sure someone trying to access their online account is who they say they are. By enabling this we are therefore able to provide better security and protection of our clients’ data and money.
When using 2FA at the point of log in it will ensure that our users have a smooth log in experience, without the need to answer a security question. 2FA will also become necessary for all users logging into the platform as part of our plans to meet regulatory requirements and security standards.
What does this mean?
After the deadline, if a user hasn’t already registered for 2FA, they will need to do so to log into the platform. As part of a phased rollout, your Customer Success Manager will be in touch to help manage this process.
What will users need to do?
If a user has already registered for 2FA as part of the optional roll-out, there’s nothing else to do.
If a user has not registered, at the point of login they will be prompted to register for 2FA using their mobile phone number by taking the following steps:
- Download the Authy mobile application when prompted and start the simple registration process. Using the app is the most secure and easiest way of enabling 2FA. At the point of registration, a user can choose to receive a 2FA code via SMS instead if they prefer.
- Once registered, users will be asked to identify themselves by providing a second factor whenever they log in to Direct from a new device, or every 15 days from an existing device.
Using Two-Factor Authentication and FAQ’s
- Is 2FA necessary?
Yes. In line with regulation requirements, we are now rolling out 2FA for all users in a phased approach starting 13 th April 2020. Your Customer Success Manager will have been in touch about this but please reach out to them directly if you have any questions.
- I don’t have an Apple or Android device. What should I do?
Users can download a Desktop app on a Windows or Apple computer by visiting: https://authy.com/download/. We are exploring introducing SMS verification in the future if we see enough demand from clients.
- Can I use another authenticator app like Google Authenticator instead?
Not at this time, we believe Authy is the best app for the job. But this is something we’ll be monitoring demand for with a view to introducing in future.
- I don’t have my phone with me. What should I do?
You need to have access to a device registered to receive your 2-factor authentication prompts in order to keep your account secure. The best thing to do is to enable Authy Multi-Device which allows multiple trusted devices to use the same Authy account. This will also help if you ever lose access to one of your devices. If you can’t access any of your devices and urgently need to access your account, please contact our support team.
- Other problems using Authy.
For any other issues with Authy, you can find help here: https://authy.com/help/.