1. What is Two-factor authentication (2FA)?
Two-factor authentication (2FA) is an extra layer of security used to ensure that people trying to access an online account are who they say they are.
To begin with, a user will enter their username and password as the first factor. Then, instead of immediately gaining access, they will be required to provide an authentication code generated by the device they physically possess as the second factor.
With 2FA, a potential compromise of only one of these factors will not unlock the account so your account is more secure.
2. How can I enable 2FA for my account?
Account owners and admins (or any user with edit permission for settings) can enable Account-wide two-factor authentication in Settings > Security. To change settings it is required for the user to set up 2FA first.
All users using this account will be asked to set up 2FA the next time they next log in. For certain jurisdictions 2FA is mandatory for every user and cannot be turned off.
3. How to set up my 2FA?
You can set up your 2FA by following the instructions on the setup pages.
- If you are new to Airwallex, you can start the 2FA setup at your first login
- If you are an existing customer, you can set up your 2FA at User profile > Security > Two-factor authentication
4. Which authenticator should I use?
You can set up either an SMS or App based authenticator. The use of both authenticators is for free*.
For authentication apps, we recommend the following:
- Google Authenticator
- Symantec VIP
Both authenticator apps can be easily installed on your phone. Once set up, they are accessible even without an internet connection.
* Your carrier may charge for SMS messages or mobile data
5. What is the Recovery code?
In the event that you cannot receive the text message code or access your authenticator app, you can use one of the 10 recovery codes for the 2FA verification. Each recovery code is valid for one-time use only.
The first 10 recovery codes will be generated once your 2FA is set up successfully. From here you can:
- Print your recovery codes and store them in a safe place
- Re-generate 10 new recovery codes in User profile > Security > Two-factor authentication > Recovery codes - show > Generate new recovery codes. This will deactivate your old codes.
6. Have trouble logging in with 2FA?
If you cannot use the SMS code or the authenticator app to log in, one of the 10 recovery codes can be used for the 2FA verification.
If you don't have your recovery codes, and you are an:
(i) Account Owner
Please reach your Account Manager or our Customer Support team for help. After our team has your details verified, your 2FA will be reset. (Please note: You cannot reset your 2FA by Email or SMS)
(ii) Account User
Please ask your Account Owner to help you reset 2FA.
7. Can I deactivate my 2FA or skip 2FA setup?
You can deactivate your 2FA if your Account does not force all users to set-up 2FA. You can check and deactivate under User profile > Security > Two-factor authentication.
8. Can I reset my own 2FA?
Yes, you can reset/ edit the 2FA by yourself if you are logged in under User Profile > Security > 2FA authentication method > Edit.
9. I am the Account Owner, how do I reset another user's 2FA?
Step 1: Click “User Management”, under “Account” in the left panel
Step 2: Click on the user
Step 3: Click the 3 button menu, and then “Reset 2FA”.
That's it! When the user next logs in, they'll be prompted to set their 2FA back up straight away.