In the ever-evolving landscape of information technology, data security is of utmost importance, especially when it comes to sensitive information and financial transactions. Recognizing this, the e-Waybill/e-Invoice System has recently introduced a significant security enhancement known as '2-Factor Authentication (2FA)'.
This article aims to provide a comprehensive understanding of 2FA and its implementation in the e-Waybill and e-Invoice System, emphasizing the importance of the additional security measure.
Latest Update on 2FA Login
The National Informatics Centre (NIC) has introduced '2-Factor Authentication (2FA)' for e-Invoice/e-Waybill on 12th June, 2023, which mandates registration for 2FA by taxpayers with AATO above Rs 100 Crore and to authenticate their login process using OTP as the 2nd factor, in addition to submission of username and password, with effect from 20th August 2023. Non-adherence may cause inability to login at GST e-Invoice & e-Waybill System in the case of eligible taxpayers.
What is 2-Factor authentication in GST e-Invoice & e-Waybill System?
2-Factor authentication (2FA) is a security measure that adds an extra layer of protection to user accounts in GST e-Invoice & e-Waybill System by requiring users to provide two different types of identification factors.
These factors typically include something the user knows (username/password) and something the user creates dynamically (SMS or app based OTPs/security tokens obtained from the mobile phone device).
Modes of Generating OTP for Login to GST e-Invoice & e-Waybill System
To ensure flexibility and convenience for users, the e-Waybill/e-Invoice System offers three different modes or methods for generating the OTP. Users have the freedom to choose the option that best suits their preferences and requirements.
Let's explore each mode in detail:
1. OTP via SMS on Registered Mobile
The SMS method provides a straightforward approach to receiving the OTP. When logging in, an OTP will be sent to the user's registered mobile number (RMN) via SMS.
This ensures that the authentication code is conveniently delivered to the user's mobile device, enabling a seamless login experience.
2. OTP via Sandes App
Sandes is a messaging app provided by the Government of India, offering secure communication channels. Users can download and install the Sandes app, from Play/App Store, on their registered mobile number to receive the OTP directly through the application.
This mode offers an alternative to SMS and provides an added layer of security for users. However users are required to have internet connectivity for obtaining the OTP using this App.
2. OTP via NIC-GST-Shield App
The NIC-GST-Shield app is a dedicated mobile application specifically designed for the e-Waybill/e-Invoice System. Users can generate the OTP by downloading and installing the app from the e-Waybill/e-Invoice portal.
To download the app on mobile, navigate to the
'Main Menu > 2-Factor Authentication' section and
click on the 'Install NIC-GST-Shield' link.
Once the app is opened, an OTP will be displayed, which can be used for authentication. Notably, the OTP refreshes every 30 seconds, ensuring an additional layer of security. The app functions independently and does not require an internet connection or mobile network dependency for generating the OTP.
Steps for 2-Factor authentication registration
Registering for 2-Factor Authentication for e-invoice/e-Waybill System is a simple and straightforward process. Follow these steps to complete the registration:
- Log in to the e-Waybill System using your credentials.
- Open '2 Factor Authentication' Tab from the 'Main Menu'
- Choose 'Install Sandes App' or 'Install NIC-GST-Shield App', if so preferred over SMS. Follow the installation instructions and complete the process.
- Click on the Registration option in '2 Factor Authentication' Tab and follow the on-screen instructions to confirm the registration process.
Once the registration is successfully completed, the system will prompt you to enter the OTP along with your username and password during login. It is important to note that OTP authentication is linked to individual user accounts.
Sub-users of GSTIN will have separate authentication based on their registered mobile numbers in the e-Waybill/e-Invoice System. After registering for 2-Factor Authentication, it will apply to both the e-Waybill and e-Invoice systems, providing comprehensive security across both platforms.
2-Factor Authentication: FAQ
The core purpose of implementing 2-Factor Authentication (2FA) in the e-Waybill and e-Invoice System is to fortify the login process and enhance the overall security posture of the system. It adds an extra layer of protection against unauthorized access to sensitive information and financial transactions.
2-Factor Authentication (2FA) in the GST e-Invoice & e-Waybill System requires users to provide two different types of identification factors. Typically, users need to provide something they know (username/password) and something they create dynamically (SMS or app-based OTPs/security tokens obtained from mobile) to gain access to their accounts.
The GST e-Invoice & e-Waybill System offers three different modes for generating OTP:
i) OTP via SMS: An OTP is sent to the user's registered mobile number via SMS.
ii) OTP via Sandes App: Users can download the Sandes app and receive the OTP directly through the application, providing an alternative to SMS.
iii) OTP via NIC-GST-Shield App: Users can download and install the NIC-GST-Shield app from the e-Waybill/e-Invoice portal, and the OTP is generated within the app. The app functions independently and does not require an internet connection for OTP generation.
Follow these steps:
i) Log in to the e-Waybill System using your credentials.
ii) Go to the 'Main Menu' and select '2 Factor Authentication.'
iii) Follow the on-screen instructions to complete the registration process.
Taxpayers with an Annual Aggregate Turnover (AATO) above Rs 100 crore are required to comply with the mandatory 2-Factor Authentication (2FA) requirement in the e-Waybill/e-Invoice System. This requirement is effective from 20th August 2023. Small taxpayers with AATO up to Rs 100 crore are not covered yet.
Generate complete and ready-to-use
e-Invoices in just
Generate e-Invoices directly from your ERP Hassle-free