The Two-Factor Authentication (2FA) mechanism is soon going to be a part of the login to GST Portal to enhance security. This marks a crucial step in fortifying the login process, ensuring a more secure and robust experience for taxpayers. A recent advisory issued on 1st December 2023 outlines the phased implementation, and the pivotal role of One-Time Passwords (OTPs) and provides essential updates for taxpayers.
Both the E-invoicing and E-way Bill systems of the Government have 2FA mechanism running from last month for taxpayers having turnover about 20 cr. 2FA is now getting rolled out for GST portal.
What is Two-Factor Authentication?
Two-factor authentication is a security mechanism that requires users to provide two separate forms of identification before granting access to a system or platform. The traditional method of relying solely on a username and password has proven vulnerable to various cyber threats, such as phishing, brute force attacks, and password leaks. By introducing an additional layer of authentication, typically a one time password (OTP) sent to a user’s registered mobile number or email, 2FA significantly enhances the security posture.
How Two-Factor Authentication Works in GST?
In the context of GST, Two-Factor Authentication plays a pivotal role in safeguarding access to the GST portal. When a user attempts to log in, in addition to entering their username and password, they receive a one-time password (OTP) on the registered mobile number or email address of the primary authorised signatory. This OTP is valid for a short duration and must be entered to complete the login process successfully.
The implementation of 2FA in GST ensures that even if a malicious actor gains access to a user’s login credentials, they would still be unable to log in without the second form of authentication. This extra layer of security acts as a formidable barrier, reducing the risk of unauthorized access and protecting sensitive financial data.
Why is it Important to Update a Taxpayer’s Contact Details?
Taxpayers are advised to check their contact details on the GST portal, especially the email address and mobile number of the authorized signatory. This ensures that OTP messages are received without errors. To boost security without causing further inconvenience, the system will ask for a one-time password only if the system or the location of the taxpayer (computer, laptop or browser) changes.
Pilot rollout of 2FA
The pilot implementation of 2FA was introduced for the state of Haryana and it has turned out to be a smooth and efficient process. This success serves as a blueprint and the implementation is to move forward in phases. 2FA will be implemented in Punjab, Chandigarh, Uttarakhand, Rajasthan and Delhi during the first phase, ensuring progressive integration and resolving issues. In the 2nd phase it is planned to be rolled out for all states across the country.
When is the 2FA for GST System scheduled for rollout?
Starting from December 1, 2023, the phased rollout of the 2FA solution will commence, beginning with specific states and eventually covering the entirety of India. This strategic rollout schedule aims to streamline the implementation process, allowing taxpayers sufficient time to adapt to the enhanced security features.
The GSTN team encourages taxpayers to adopt the enhanced security feature of the GST portal as it offers two-factor authentication. A phased implementation ensures a more secure tax filing experience by using one-time passwords and keeping contact information up-to-date. Taxpayers can help create a safe and seamless digital environment by being aware of their personal data and taking proactive measures to manage them. The planned launch on December 1, 2023, is a critical point to strengthen the security of the GSTN portal.
Modes Available for Two-factor Authentication
Two-factor authentication (2FA) offers three distinct methods for receiving the one-time password (OTP), enhancing the security of the authentication process.
These methods are outlined below:
- SMS: The assessee will receive the OTP as SMS on his/her registered mobile number
- Sandes App: This is a messaging app furnished by the Indian Government for assessees to receive and send messages. Users must download and install the app with their registered mobile number for OPT verification.
Manage 2FA in IRIS GST through IRIS Peridot Mobile App
Enhance the security of your user account with Peridot’s Two-Factor Authentication (2FA), a robust additional layer of protection. With 2FA, alongside your password, an additional One-Time Password (OTP) is required to access the system.
Generating OTP is seamless with Peridot’s dedicated module integrated into the Peridot app. Opting for 2FA is entirely optional. Users interested in fortifying their accounts can effortlessly enable 2FA by navigating to their Profile on IRIS GST. Upon opting for 2FA, a unique QR code is presented. Users must then use the Peridot app’s 2FA module to scan this QR code, establishing a secure link between their user account and the Peridot app.
Subsequent logins to the UUM necessitate users to open the Peridot app’s 2FA module, where a dynamically refreshed OTP is displayed every 30 seconds. Entering this OTP is the final step to complete the login process, ensuring heightened account security.
In India, IRIS’ compliance product suite has clients that include over 1000 corporates including companies like Amul, Coal India, Bajaj Auto, Samsung, Thermax, Godrej and L&T groups and over 100 scheduled commercial, private and cooperative banks such as HDFC Bank, SBI, ICICI, Bank of America, Credit Agricole to name a few.
IRIS is also now a government-authorized IRP along with being an ASP+GSP.
For queries, please mail us at support@irisgst.com.