100% tax compliance with smart e-Invoicing 100% tax compliance with smart e-Invoicing
Integration
across all ERPs
Integration across all ERPs
4 hrs resolution SLA
& 1hr response SLA
4 hrs resolution SLA & 1hr response SLA
MIS Dashboards with
backup & storage
MIS Dashboards with backup & storage
Request a Demo
Index

2-Factor Authentication in e-Invoice System/e-Way Bill: Options, Steps and Importance

By Annapoorna

|

Updated on: Dec 18th, 2024

|

3 min read

National Informatics Centre (NIC) has mandated the two-factor authentication (2FA)/multi-factor authentication(MFA) to log in to the e-way bill or e-invoice system. It aims to improve the security of the e-way bill and e-invoice system. Besides username and password, the user would now require providing a one-time password (OTP) for authenticating the login. 

The implementation of 2FA puts an additional burden on the teams logging into the e-invoice and e-way bill portals of NIC. Clear e-Invoicing allows its users to avoid the hassles of 2FA while continuing to ensure an utmost secure environment for data handling and privacy. 

Continue reading the article to know more about the applicability, issues and alternate solutions for 2FA.

What is 2-Factor Authentication in e-Invoicing?

Two-factor authentication (2FA), also referred to as dual-factor authentication or two-step verification, refers to a security process in which users provide two different authentication factors for verifying themselves.

Two-factor authentication is implemented to protect both the user’s credentials and the resources the user can access. After registering for two-factor authentication, the same can be used for the e-Invoice system and the e-Way bill system.

Latest updates

17th December 2024

  1. GST Network has issued an advisory on 17th December 2024 to expand the scope of mandating 2FA on taxpayers. If your enterprise/business have AATO over Rs.20 crores, use 2FA from 1st January 2025 mandatorily. Likewise, 2FA will be mandatory for businesses with turnover ranging Rs.5 Crore to Rs.20 Crore from 1st February 2025. All taxpayers irrespective of turnover should mandatorily use 2FA for e-invoice and e-way bill generation from 1st April 2025.
  2. Generate e-way bills within 180 days from the date of the document/invoice starting from 1st January 2025.
  3. e-Way bill validity extensions will be capped at 360 days from the original generation date from 1st January 2025.

NIC's Mandate on Two-factor Authentication

National Informatics Centre (NIC) has implemented the two-factor authentication on its portals such as the e-invoicing portals, NIC1 and NIC2, and e-way bill portal for certain taxpayers. Currently, the 2FA applies to taxpayers using these portals, as follows-

Date of implementation

AATO Threshold

MFA Status

20th August 2023

AATO more than Rs.100 Crores

Mandatory

11th September 2023

AATO between Rs.20 Crore-100 Crore

Optional to encourage an early adoption

1st January 2025

AATO between Rs.20 Crore-100 Crore

Mandatory

1st February 2025

AATO between Rs.5 Crore-20 Crore

Mandatory

1st April 2025

All taxpayers and users

Mandatory irrespective of turnover.

*AATO stands for Annual Aggregate Turnover.

Purpose of 2-Factor Authentication

The goods and services tax department has introduced a two-factor authentication process for 

  • Accessing the e-invoice system and e-way bill system more efficiently, and
  • Enabling the e-invoice system to be more efficient and robust, and
  • Ensuring a secure environment for accessing the e-invoice/e-way bill system

Quick Video to Learn About NIC Update on 2FA

Modes Available for Two-factor Authentication on The e-Invoice Portal

Two-factor authentication has three different ways to receive the one-time password (OTP). The same are discussed below:

SMS: OTP is shared with the assessee on the registered mobile number as SMS.

Sandes app: Sandes app is a messaging app provided by the Indian government so that assessees can send and receive messages. Assesses can download and install this app with their registered mobile number and can receive a one-time password in it.

NIC GST Shield app: NIC-GST-Shield is a mobile application provided by e-Invoice System/ eWay Bill, so OTP can be generated using this app. NIC-GST-Shield app could be downloaded only from the e-Invoice/ e-Waybill portal. The assessee needs to follow to below steps to use the NIC-GST-Shield mobile app:

  • The assessees need to download, install and register this app with their registered mobile number. 
  • One must ensure that the time displayed in the NIC-GST-Shield app is in sync with the e-Invoice/ e-waybill system. 
  • On opening this app, a one-time password is displayed. 
  • The assessee could enter this OTP and continue with the authentication process. Every 30 seconds, the OTP gets refreshed. The assessee doesn’t require internet to generate the OTP on this app.

2-factor authentication

Steps for Setting Up 2-Factor Authentication

Step 1. On logging into the e-Invoice System, the user needs to go to Main Menu

Step 2. The user then needs to select two-factor authentication and confirm the registration. 

Step 3. Once confirmed, the system will ask for a one-time password along with the username and password. 

This facility has been introduced on an optional basis. However, it will be made mandatory in near future.

register for 2-factor authentication

Drawbacks of 2FA Implementation

You must know that in the case of SMS and NIC-GST-Shield app, the OTP is sent to the registered mobile number of the authorised personnel of the GSTIN.

Suppose the invoicing team is not able to readily access such registered mobile numbers for OTP, it can lead to delays in generation of e-invoices/e-way bills, leading to business disruptions.

Alternate Secure Solutions to Avoid 2FA

No 2 Factor Authentication with Clear! Users on Clear e-Invoicing solution and Clear IRP enjoy faster and hassle-free experience of e-invoice and e-way bill generation every time. Here's how- 

  • With Clear, you will not have to deal with OTPs every time you log in, saving you time and hassle.
  • We’ve enabled smart security features to keep your data safe. Our solutions use SSL encryption and have security certifications such as ISO 27001, SOC-2, VAPT, and PCI-compliant.
  • We are an approved GSTN IRP provider, ensuring that your e-invoicing and e-way bills are fully compliant.
  • You can start generating e-way bills in just 150ms with Clear.
  • We maintain a 99.9% success rate in generating IRNs and e-Way bills.
  • Our support team is available 24/7 to assist you with any questions or issues.

Frequently Asked Questions

What is an example of two-factor authentication?

Below is an example of the two-factor authentication process:

  • The user visits the GST portal and enters a username and password.
  • The portal then prompts the user to initiate the second login step.
  • The user must provide a one-time code shared on the registered mobile number.
  • After providing the one-time code, the user is authenticated and granted access to the portal.
How secure is two-factor authentication?

Two-factor authentication (2FA) adds another layer of security to the entire authentication process by making it difficult for attackers to gain access to an assessee’s accounts because, even if the assessee’s password is hacked, the password alone isn’t enough to pass the authentication check. Yet, if a third party solution has necessary certifications for data security and data privacy such as SSL encryption, SOC-2 auditted, ISO 27001 certified, then 2FA need not be required.

Is 2FA mandatory in e-invoicing? or Is two-factor authentication mandatory for e-invoicing and e-way bill?

As of today, using two-factor authentication is not mandatory for everyone under e-invoicing on the NIC but only a notified few. However, it will be mandatory soon as two-factor authentication is a much-needed measure to comply with particular password restrictions. As per update from GSTN on 17th December 2024, the 2FA is mandatory from 1st January 2025 for taxpayers with annual aggregate turnover more than Rs.20 crore. Thereafter, it applies in a phased manner for the rest taxpayers such that it becomes mandatory for all taxpayers from 1st April 2025.

Is 2 factor authentication mandatory for GST?

No, the 2-factor authentication is not mandatory for GST portal login. It is made mandatory for logging into the e-way bill and e-invoicing portals.

How to disable 2 factor authentication in e-way bill portal?

You may de-register this facility anytime when it was optional using the link ‘2 Factor Authentication Registration / Deregistration'. However, once it was made mandatory, then you cannot disable it.

What is Multi-Factor Authentication (MFA)?

Multi-factor authentication implies secured login to the e-invoice and e-way bill portals for generation of e-invoice and e-way bills using username, password and One-time password (OTP).

About the Author

I preach the words, “Learning never exhausts the mind.” An aspiring CA and a passionate content writer having 4+ years of hands-on experience in deciphering jargon in Indian GST, Income Tax, off late also into the much larger Indian finance ecosystem, I love curating content in various forms to the interest of tax professionals, and enterprises, both big and small. While not writing, you can catch me singing Shāstriya Sangeetha and tuning my violin ;). Read more

Clear offers taxation & financial solutions to individuals, businesses, organizations & chartered accountants in India. Clear serves 1.5+ Million happy customers, 20000+ CAs & tax experts & 10000+ businesses across India.

Efiling Income Tax Returns(ITR) is made easy with Clear platform. Just upload your form 16, claim your deductions and get your acknowledgment number online. You can efile income tax return on your income from salary, house property, capital gains, business & profession and income from other sources. Further you can also file TDS returns, generate Form-16, use our Tax Calculator software, claim HRA, check refund status and generate rent receipts for Income Tax Filing.

CAs, experts and businesses can get GST ready with Clear GST software & certification course. Our GST Software helps CAs, tax experts & business to manage returns & invoices in an easy manner. Our Goods & Services Tax course includes tutorial videos, guides and expert assistance to help you in mastering Goods and Services Tax. Clear can also help you in getting your business registered for Goods & Services Tax Law.

Save taxes with Clear by investing in tax saving mutual funds (ELSS) online. Our experts suggest the best funds and you can get high returns by investing directly or through SIP. Download Black by ClearTax App to file returns from your mobile phone.

Cleartax is a product by Defmacro Software Pvt. Ltd.

Company PolicyTerms of use

ISO

ISO 27001

Data Center

SSL

SSL Certified Site

128-bit encryption