What is Two Factor Authentication (2FA)?

Lightning Pay is built to secure your data, find out how it works.

 

Two Factor Authentication (2FA) has been industry best practice on securing customer accounts for some time. Even so, you may be unfamiliar with how it works. We're here to walk you through it, so you can access Bitcoin services at Lightning Pay with confidence!

Lightning Pay Security Basics

Our security model at Lightning Pay requires two factors for login. The first factor is your email. When you Login at Lightning Pay, the first step is to enter your email, grab the code we send, and enter it into your browser. This ensures that you have control of the email used to setup the account.

Next, we ask you for a second security verification. There are two ways to do this at Lightning Pay, and we'll walk you through both. 

 

Two Factor Authentication Methods

 

Time-based One-time Passwords (TOTP)

A Time-based One-time Password (TOTP) requires you to use a special mobile app, which stores a secret that is specifically used for your Lightning Pay account. This app will generate a new passcode for you to use as your second factor, rotating these passcodes every 30 seconds. The first step to being ready to set this up is to download an app to your mobile device:

Google Authenticator - The most commonly used TOTP App

2FAS - Our favourite open-source alternative, available on both Android and iOS

Setup TOTP

When you first sign up at Lightning Pay, enter your email, and then use the code to login, you'll be presented with the setup for a Time-based One-time Password (TOTP). This is a requirement to setup your account at Lightning Pay, but you can choose an alternative method later if your prefer (discussed below). 

 

This setup process is very straight forward:

  1. Download a two-factor authentication app on your smartphone if you don't have one already
  2. Scan the image provided with the authenticator app on your phone or manually enter the text code instead.
  3. Once the QR code is scanned your app will show a 6 digit code that changes every 30 seconds, press "continue" and enter the latest code from the app.
  4. If you are lost or need help please contact us at support@lightningpay.nz

Important: Do not lose your 2FA app. If you forget what app you used, or cannot access this 2FA in the future,  we may have to re-verify your identity to allow access to your account.

Using a TOTP App to Login

After setup, the next time you login, you'll be asked to do the same process with your email (find the code and enter it in your browser), and you'll be greeted with a new screen for entering your one-time passcode. Simply open the app and view the passcode reserved for Lightning Pay.

To transfer this code, you can either:

  • Copy-Paste the code to your browser window if using your mobile device to access Lightning Pay
  • Enter the code manually into your browser

 

That's the basics of using a Time-based One-Time Password (TOTP) as your second factor. Once you have this setup, we offer an alternative 2nd factor, Passkeys, which are a little more convenient to use, and offer a similar level of security.

 

Passkeys

Passkeys are a relatively new alternative or supplement to TOTP options. These use a key that is held on your mobile or desktop device that is specifically suited for logging into a service. These can be used with your biometric verification (fingerprint, facial ID) on your mobile device as well, ensuring it is you logging in!

Setup Passkeys

To setup a Passkey, simply login to Lightning Pay, and go to your account by selecting "My Account" in the menu at the top right.

Then, navigate to "Security" and "Register a new Passkey"

 

Follow the prompts to complete setting up your new passkey.

 

Now, when you login, you'll have your 2FA automated by your device, simple as that.

 

Summary

 

The security of your account is something we take very seriously at Lightning Pay. So you might be introduced to new concepts when you sign up. Two factor authentication ensures your Lightning Pay account remains secure, and there are multiple options to use when logging into your account.

If you ever find yourself confused, absolutely reach out. We work very hard to provide you with great bitcoin services, but we're also committed to helping you through anything you have questions about.