National Informatics Centre (NIC) has mandated the two-factor authentication (2FA)/multi-factor authentication(MFA) to log in to the e-way bill or e-invoice system. It aims to improve the security of the e-way bill and e-invoice system. Besides username and password, the user would now require providing a one-time password (OTP) for authenticating the login.
The implementation of 2FA puts an additional burden on the teams logging into the e-invoice and e-way bill portals of NIC. Clear e-Invoicing allows its users to avoid the hassles of 2FA while continuing to ensure an utmost secure environment for data handling and privacy.
Continue reading the article to know more about the applicability, issues and alternate solutions for 2FA.
Two-factor authentication (2FA), also referred to as dual-factor authentication or two-step verification, refers to a security process in which users provide two different authentication factors for verifying themselves.
Two-factor authentication is implemented to protect both the user’s credentials and the resources the user can access. After registering for two-factor authentication, the same can be used for the e-Invoice system and the e-Way bill system.
Latest updates
17th December 2024
- GST Network has issued an advisory on 17th December 2024 to expand the scope of mandating 2FA on taxpayers. If your enterprise/business have AATO over Rs.20 crores, use 2FA from 1st January 2025 mandatorily. Likewise, 2FA will be mandatory for businesses with turnover ranging Rs.5 Crore to Rs.20 Crore from 1st February 2025. All taxpayers irrespective of turnover should mandatorily use 2FA for e-invoice and e-way bill generation from 1st April 2025.
- Generate e-way bills within 180 days from the date of the document/invoice starting from 1st January 2025.
- e-Way bill validity extensions will be capped at 360 days from the original generation date from 1st January 2025.
National Informatics Centre (NIC) has implemented the two-factor authentication on its portals such as the e-invoicing portals, NIC1 and NIC2, and e-way bill portal for certain taxpayers. Currently, the 2FA applies to taxpayers using these portals, as follows-
Date of implementation | AATO Threshold | MFA Status |
20th August 2023 | AATO more than Rs.100 Crores | Mandatory |
11th September 2023 | AATO between Rs.20 Crore-100 Crore | Optional to encourage an early adoption |
1st January 2025 | AATO between Rs.20 Crore-100 Crore | Mandatory |
1st February 2025 | AATO between Rs.5 Crore-20 Crore | Mandatory |
1st April 2025 | All taxpayers and users | Mandatory irrespective of turnover. |
*AATO stands for Annual Aggregate Turnover.
The goods and services tax department has introduced a two-factor authentication process for
Two-factor authentication has three different ways to receive the one-time password (OTP). The same are discussed below:
SMS: OTP is shared with the assessee on the registered mobile number as SMS.
Sandes app: Sandes app is a messaging app provided by the Indian government so that assessees can send and receive messages. Assesses can download and install this app with their registered mobile number and can receive a one-time password in it.
NIC GST Shield app: NIC-GST-Shield is a mobile application provided by e-Invoice System/ eWay Bill, so OTP can be generated using this app. NIC-GST-Shield app could be downloaded only from the e-Invoice/ e-Waybill portal. The assessee needs to follow to below steps to use the NIC-GST-Shield mobile app:
Step 1. On logging into the e-Invoice System, the user needs to go to Main Menu
Step 2. The user then needs to select two-factor authentication and confirm the registration.
Step 3. Once confirmed, the system will ask for a one-time password along with the username and password.
This facility has been introduced on an optional basis. However, it will be made mandatory in near future.
You must know that in the case of SMS and NIC-GST-Shield app, the OTP is sent to the registered mobile number of the authorised personnel of the GSTIN.
Suppose the invoicing team is not able to readily access such registered mobile numbers for OTP, it can lead to delays in generation of e-invoices/e-way bills, leading to business disruptions.
No 2 Factor Authentication with Clear! Users on Clear e-Invoicing solution and Clear IRP enjoy faster and hassle-free experience of e-invoice and e-way bill generation every time. Here's how-