After September 30, 2022, you won’t be able to use your demat trading account if you have not activated the 2-factor authentication system for login. The National Stock Exchange (NSE) had issued a direction in this regard on June 14, 2022, and this will come into effect around 12 days from now, i.e., on September 30, 2022.
The NSE guidelines state that the demat account holder should activate a 2-factor authentication (2FA) system using knowledge/possession factor and biometric authentication to continue using their accounts.
According to the circular, users should preferably use biometric authentication as one of the authentication factors, along with knowledge or possession. In the absence of biometric authentication, users should employ knowledge and possession elements in addition to the user ID for 2FA. The trading platform has to send the one-time password (OTP) to both the phone number as well as the e-mail address.
The two-factor authentication system will provide two layers of security to the investors, and will lower the chance of funds being stolen by ensuring the investor’s identity. If bad actors obtain the password, hackers must acquire access to the phone to obtain the OTP, and biometric information to steal the assets.
HOW TO ACTIVATE 2FA
Here is the step-by-step process to enable 2 factor authentication.
- First go to the App or the website and log in to your demat account
- Then, go to the profile section and check the security settings
- Choose the password and security option
- To add the second layer of authentication, validate your identify using a biometric factor
- This could include fingerprint, face and/or voice recognition on a smartphone
- In case you don’t have biometrics, you can generate time-based one-time password (TOTP)
- Click on the “enable 2-step TOTP option
- You will receive a one-time password (OTP) on your email id
- Open any one of your authenticator Apps on your mobile phone
- Choose ‘scan a QR code’ under the ‘Add account’ option, and click on begin
- The App will ask for phone camera permission
- Give the permission and scan the bar code
- The account will be added and the TOTP will get enabled
There are a few things to keep in mind with the knowledge/possession keys, and the biometric keys.
Knowledge/Possession Keys: The first authentication system is the knowledge, which is your password or PIN, which is with the user always. Then there is the possession factor in authentication, wherein you will receive a one-time password (OTP) as well as a security token. However, if you don’t have biometrics, time-based OTPs (TOTP) can be generated for an authenticator application on your smartphone, which will ensure the highest level of security like Authy or Google authenticator. The TOTP is valid for only 20-30 seconds.
Biometrics Keys: To add a second layer of security, you will need to validate your identity using a biometric factor. Fingerprint, face recognition, and voice recognition can all be used to identify people using biometrics on your smartphones.
“In cases where biometric authentication is not possible, members shall use both the aforementioned factors (knowledge factor and possession factor), in addition to the user ID, for 2-factor authentication (2FA). It is to be noted that the above-mentioned authentication shall be implemented on every login session by the client to IBT and STWT,” the circular added.