Enabling and Managing 2FA

Why 2FA is Mandatory

At HwebPay, the security of your business funds is our highest priority. Two-Factor Authentication (2FA) is not optional; it is a critical requirement for every merchant. By enabling 2FA, you ensure that even if your password is compromised, no one can log in, change bank details, or initiate payouts without physical access to your verification device.

Supported 2FA Methods

• TOTP Apps (Highly Recommended): Use Google Authenticator, Authy, or Microsoft Authenticator. This is the fastest and most secure method because it works offline.
• Email OTP: A 6-digit code is sent to your registered business email. This is useful as a fallback but is less secure if your email account itself is compromised.

Step-by-Step Configuration

1. Log in to your HwebPay Dashboard and navigate to Settings > Security.
2. Under the "Two-Factor Authentication" section, click on "Set Up App".
3. A QR code will appear. Open your authenticator app and select "Scan a QR Code".
4. Once scanned, your app will start generating 6-digit codes every 30 seconds.
5. Enter the current code from the app into the HwebPay dashboard to verify the connection.
6. Critical: You will be shown a list of 10 Recovery Codes. Print these or save them in a secure password manager. They are the only way to access your account if you lose your phone.