2-Factor Authentication in the e-Way Bill and e-Invoice System

In today's digital era, ensuring the security of sensitive information is of paramount importance. With the increasing use of e-Way Bills and e-Invoice systems for smooth business transactions, the National Informatics Centre (NIC) has taken a significant step to enhance security measures.

2-Factor Authentication has been made mandatory from 15th July, 2023 for all the taxpayers with Aggregate Annual Turnover (AATO) above 100cr for logging into the e-Way Bill and e-Invoice system, adding an extra layer of protection.

Understanding 2-Factor Authentication: 2-Factor Authentication provides an additional layer of security beyond the standard username and password combination. It requires users to provide a second form of authentication, typically an OTP, to access the system. This ensures that even if someone gains access to the login credentials, they would still need the OTP to proceed further, significantly reducing the chances of unauthorized entry.

Methods of Receiving the OTP: To cater to different user preferences and enhance convenience, NIC offers three different methods of receiving the OTP for authentication. Users can choose any of the following methods based on their preference and availability:

• SMS: The OTP will be sent as an SMS to the registered mobile number associated with the user account. This method ensures that users can receive the OTP directly on their mobile devices, making it easily accessible.

• 'Sandes' App: 'Sandes' is a government-provided messaging app that facilitates secure communication. Users can download and install the Sandes app on their registered mobile number to receive the OTP. This method offers an additional layer of security by leveraging a government-approved messaging platform.

• 'NIC-GST-Shield' App: The 'NIC-GST-Shield' mobile app is specifically designed for generating OTPs for e-Way Bill and e-Invoice systems. Users can download the app from the e-Way Bill or e-Invoice portal's 'Main Menu -> 2-Factor Authentication' section. After installing and registering the app on their registered mobile number, users can synchronize the app's displayed time with the e-Way Bill or e-Invoice system. The app generates an OTP, which users can enter for authentication. Importantly, the OTP on this app refreshes every 30 seconds, ensuring heightened security. No internet connection or mobile network dependency is required for OTP generation using this app.

Registration for 2-Factor Authentication: To take advantage of the enhanced security provided by 2-Factor Authentication, users must register for it. The registration process is simple and can be completed by following these steps:

• Log in to the e-Way Bill System.
• Navigate to 'Main Menu -> 2 Factor Authentication.'
• Confirm the registration for 2-Factor Authentication.
• Once registered, the system will prompt users to enter the OTP along with their username and password during login.

It's important to note that OTP authentication is based on individual user accounts. Sub-users associated with a GSTIN will have separate authentication based on their registered mobile numbers in the e-Way Bill or e-Invoice System. Once registered for 2-Factor Authentication, the same applies to both the e-Way Bill and e-Invoice systems.

  Report