Updated on: Nov 8th, 2023
The National Informatics Centre (NIC) has introduced two-factor authentication (2FA) for logging in to the e-way bill or e-invoice system. It aims to improve the security of the e-way bill and e-invoice system. Besides the username and password, the user must now provide a one-time password (OTP) to authenticate the login.
The implementation of 2FA puts an additional burden on the teams logging into the e-invoice and e-way bill portals of NIC. Clear e-Invoicing allows its users to avoid the hassles of 2FA while continuing to ensure utmost security for data handling and privacy.
Read on to learn more about the applicability, issues and alternate solutions for 2FA.
Two-factor authentication (2FA), also referred to as dual-factor authentication or two-step verification, refers to a security process in which users provide two different authentication factors for verifying themselves.
Two-factor authentication is implemented to protect both the user’s credentials and the resources the user can access. After registering for two-factor authentication, the same can be used for the e-Invoice system and the e-Way bill system.
The National Informatics Centre (NIC) has implemented two-factor authentication on its portals, such as the e-invoicing portals NIC1 and NIC2 and the e-way bill portal, for certain taxpayers. Currently, 2FA applies to taxpayers using these portals as follows:
Taxpayers with AATO of more than Rs.100 crore from 21st August 2023.
Rest of taxpayers subject to e-invoicing and e-way bill
Taxpayers with AATO of more than Rs.20 crore up to Rs.100 crore from 20th November 2023
*AATO stands for Annual Aggregate Turnover.
The goods and services tax department has introduced a two-factor authentication process for
Two-factor authentication has three different ways to receive the one-time password (OTP). The same are discussed below:
SMS: OTP is shared with the assessee on the registered mobile number as SMS.
Sandes app: Sandes is a messaging app provided by the Indian government so that assessees can send and receive messages. Assessees can download and install this app with their registered mobile number and can receive a one-time password in it.
NIC GST Shield app: NIC-GST-Shield is a mobile application provided by the e-Invoice System/e-Way Bill system, and the OTP can be generated using this app. The NIC-GST-Shield app can be downloaded only from the e-Invoice/e-Way Bill portal. The assessee needs to follow the steps below to use the NIC-GST-Shield mobile app:
Step 1. On logging into the e-Invoice System, the user needs to go to the Main Menu.
Step 2. The user then needs to select two-factor authentication and confirm the registration.
Step 3. Once confirmed, the system will ask for a one-time password along with the username and password.
This facility has been introduced on an optional basis. However, it will be made mandatory in the near future.
Note that in the case of SMS and the NIC-GST-Shield app, the OTP is sent to the registered mobile number of the authorised personnel of the GSTIN.
If the invoicing team is not able to readily access such registered mobile numbers for the OTP, it can lead to delays in the generation of e-invoices/e-way bills, leading to business disruptions.
Two-factor authentication (2FA) adds another layer of security to the authentication process by making it difficult for attackers to gain access to an assessee’s accounts: even if the assessee’s password is hacked, the password alone isn’t enough to pass the authentication check. Yet, if a third-party solution has the necessary certifications for data security and data privacy, such as SSL encryption, SOC-2 audited and ISO 27001 certified, then 2FA need not be required.
As of today, two-factor authentication is not mandatory for everyone under e-invoicing on the NIC portals, but only for a notified few. However, it will be mandatory soon, as two-factor authentication is a much-needed measure to comply with particular password restrictions. As per an update from NIC in September 2023, 2FA is mandatory from 21st August 2023 for taxpayers with annual aggregate turnover of more than Rs.100 crore. Thereafter, it applies to those with annual turnover over Rs.20 crore from 1st November 2023 onwards.
No, the 2-factor authentication is not mandatory for GST portal login. It is made mandatory for logging into the e-way bill and e-invoicing portals.
While the facility was optional, you could de-register from it at any time using the link ‘2 Factor Authentication Registration / Deregistration’. However, once it is made mandatory, you cannot disable it.