Looking for a business loan


Thank you for your interest, our team will get back to you shortly

Please Fill the Details to download

Thank you for your response

Get Expert Assistance

Thank you for your response

Our representative will get in touch with you shortly.

Request a demo

Please fill the details to contact our enterprise sales team

Thank you for your response

Our representative will get in touch with you shortly.

Request a demo

Please fill the details to contact our enterprise sales team

Thank you for your response

Our representative will get in touch with you shortly.

2-Factor Authentication in e-Invoice System/e-Way Bill: Options, Steps and Importance

Updated on :  

08 min read.

To improve the security of the e-way bill and e-invoice system, National Informatics Centre (NIC) has introduced 2-Factor Authentication to log in to the e-way bill or e-invoice system. Besides username and password, the user would now require providing a one-time password (OTP) for authenticating the login.

What is two-factor authentication in e-invoicing?

Two-factor authentication (2FA), also referred to as dual-factor authentication or two-step verification, refers to a security process in which users provide two different authentication factors for verifying themselves.

Two-factor authentication is implemented to protect both the user’s credentials and the resources the user can access. After registering for two-factor authentication, the same can be used for the e-Invoice system and the e-Way bill system.

Purpose of two-factor authentication

The goods and services tax department has introduced a two-factor authentication process for 

  • Accessing the e-invoice system and e-way bill system more efficiently, and
  • Enabling the e-invoice system to be more efficient and robust, and
  • Ensuring a secure environment for accessing the e-invoice/e-way bill system

Modes available for two-factor authentication on the e-invoice portal

Two-factor authentication has three different ways to receive the one-time password (OTP). The same are discussed below:

SMS: OTP is shared with the assessee on the registered mobile number as SMS.

Sandes app: Sandes app is a messaging app provided by the Indian government so that assessees can send and receive messages. Assesses can download and install this app with their registered mobile number and can receive a one-time password in it.

NIC GST Shield app: NIC-GST-Shield is a mobile application provided by e-Invoice System/ eWay Bill, so OTP can be generated using this app. NIC-GST-Shield app could be downloaded only from the e-Invoice/ e-Waybill portal. The assessee needs to follow to below steps to use the NIC-GST-Shield mobile app:

  • The assessees need to download, install and register this app with their registered mobile number. 
  • One must ensure that the time displayed in the NIC-GST-Shield app is in sync with the e-Invoice/ e-waybill system. 
  • On opening this app, a one-time password is displayed. 
  • The assessee could enter this OTP and continue with the authentication process. Every 30 seconds, the OTP gets refreshed. The assessee doesn’t require internet to generate the OTP on this app.
2-factor authentication

Steps for setting up two-factor authentication

Step 1. On logging into the e-Invoice System, the user needs to go to Main Menu

Step 2. The user then needs to select two-factor authentication and confirm the registration. 

Step 3. Once confirmed, the system will ask for a one-time password along with the username and password. 

This facility has been introduced on an optional basis. However, it will be made mandatory in near future.

2-factor authentication

FAQs on e-invoicing authentication

What is an example of two-factor authentication?

Below is an example of the two-factor authentication process:

  • The user visits the GST portal and enters a username and password.
  • The portal then prompts the user to initiate the second login step. 
  • The user must provide a one-time code shared on the registered mobile number.
  • After providing the one-time code, the user is authenticated and granted access to the portal.
  • How secure is two-factor authentication?
How secure is two-factor authentication?

Two-factor authentication (2FA) adds another layer of security to the entire authentication process by making it difficult for attackers to gain access to an assessee’s accounts because, even if the assessee’s password is hacked, the password alone isn’t enough to pass the authentication check.

Is 2FA mandatory in e-invoicing?

As of today, using two-factor authentication is not mandatory under e-invoicing. However, it will be mandatory soon as two-factor authentication is a much-needed measure to comply with particular password restrictions.