What is Two-Factor Authentication (2FA)?

Two-Factor Authentication (2FA) is an additional layer of security used to ensure that people trying to gain access to an online account are who they say they are. First, a user will enter their username and a password. Then, instead of immediately gaining access, they will be required to provide another piece of information.

This second factor could come from any one of the following categories:


  • Something you know: A second password, a PIN, or an answer to a secret question.
  • Something you have: A smartphone, a smart card, or a physical token.
  • Something you are: A fingerprint, retinal scan, or other biometric.


By combining two of these factors, 2FA significantly enhances the security of your account compared to single-factor authentication, which only relies on a password.


Why is 2FA required on my Tax Trove account?


Security is one of our very top priorities at Tax Trove, and it is for this reason that 2FA is required on your Tax Trove account at all times to protect sensitive financial and personal information. In addition, this ensures that Tax Trove is compliant with modern regulatory requirements and industry standards for data protection. With the increasing number of cyber threats and data breaches, relying solely on passwords is no longer sufficient. 2FA ensures that even if someone knows your password, they still need another piece of information to access your account, making unauthorised access much more difficult.


What is TOTP?


TOTP stands for Time-based One-Time Password. It is a type of one-time password (OTP) that is generated by an algorithm which uses the current time as one of its factors. TOTP codes are typically generated by an authenticator app installed on a user’s smartphone and change every 30 seconds.



Why is TOTP Better than SMS OTP?


1. Increased Security:


  • Resistant to SIM Swapping: TOTP codes are generated on your device and are not sent over the mobile network. This makes them immune to SIM swapping attacks, where a malicious actor transfers your phone number to their SIM card to intercept SMS codes.


  • No Network Dependency: TOTP codes are generated independently of any network connection. They work even when your phone is in airplane mode or you have no cellular reception.


2. Enhanced Privacy:


  • No Exposure to Interception: SMS messages can be intercepted by malicious software or people with access to the telecommunication infrastructure. TOTP codes, however, remain on your device and are not transmitted over potentially insecure networks.


3. Reliability:


  • No Delays: SMS delivery can sometimes be delayed due to network issues or carrier delays. TOTP codes are generated instantly on your device, ensuring that you have immediate access to the current code.


  • No Roaming Charges: When traveling internationally, receiving SMS messages may incur roaming charges. TOTP codes can be generated without any additional costs.


4. Convenience:


  • Works Offline: Since TOTP codes are generated based on time, they do not require an internet connection or mobile signal. This can be particularly useful in areas with poor connectivity.


  • Single App for Multiple Accounts: An authenticator app can store TOTP configurations for multiple accounts, making it easier to manage your 2FA codes in one place.


By using TOTP instead of SMS OTP for your Tax Trove account, you benefit from a more secure, private, and reliable method of authentication. This helps to ensure that your sensitive financial information remains protected against various forms of cyber threats.

What is an authenticator app?


An authenticator app is a software application that generates a one-time passcode (OTP) which is used as the second factor in two-factor authentication. This passcode typically changes every 30 seconds and can be used in combination with your regular password to log into your account.


Some popular authenticator apps include:


  • Google Authenticator
  • Microsoft Authenticator
  • Authy
  • LastPass Authenticator


These apps are available for both Android and iOS devices and can be easily set up to work with your Tax Trove account.

Here’s how TOTP works:


  • When you set up 2FA with TOTP, you scan a QR code or enter a setup key provided by the service (e.g., Tax Trove) into your authenticator app.
  • The app uses this key and the current time to generate a unique code.
  • This code is only valid for a short period (usually 30 seconds), ensuring it’s only useful for a brief window of time.
  • To log in, you enter this code along with your username and password.


How do I log in with an authenticator app?


Logging in with an authenticator app is straightforward. Here are the steps:


1. Set Up the Authenticator App:

  • Download and install an authenticator app on your smartphone.
  • Open the app and add a new account by scanning a QR code provided by Tax Trove or by entering a setup key manually.


2. Log In:

  • Enter your username and password on the Tax Trove login page.
  • Open your authenticator app to view the current one-time passcode.
  • Enter the passcode into the appropriate field on the Tax Trove login page.
  • Click “Continue”


Your account will now be securely accessed using 2FA.


What happens if my phone is stolen or lost?


If your phone is stolen or lost, and it contains your authenticator app, don’t panic. Here are the steps to take:


1. Contact Support:

  • Immediately contact Tax Trove support to inform them about the situation. After verifying your identity they will help you disable 2FA temporarily and guide you through the process of re-securing your account.

2. Set Up a New Device:

  • Once you regain access to your account (via support), you can set up your authenticator app on a new device.

3. Consider Backup Options:

  • Some authenticator apps, like Authy, offer backup and multi-device synchronization features. If you had such a feature enabled, you could restore your tokens on a new device.