National Informatics Centre (NIC) has mandated the two-factor authentication (2FA)/multi-factor authentication(MFA) to log in to the e-way bill or e-invoice system. It aims to improve the security of the e-way bill and e-invoice system. Besides username and password, the user would now require providing a one-time password (OTP) for authenticating the login.
The implementation of 2FA puts an additional burden on the teams logging into the e-invoice and e-way bill portals of NIC. Clear e-Invoicing allows its users to avoid the hassles of 2FA while continuing to ensure an utmost secure environment for data handling and privacy.
Continue reading the article to know more about the applicability, issues and alternate solutions for 2FA.
What is 2-Factor Authentication in e-Invoicing?
Two-factor authentication (2FA), also referred to as dual-factor authentication or two-step verification, refers to a security process in which users provide two different authentication factors for verifying themselves.
Two-factor authentication is implemented to protect both the user’s credentials and the resources the user can access. After registering for two-factor authentication, the same can be used for the e-Invoice system and the e-Way bill system.
Latest updates
17th December 2024
- GST Network has issued an advisory on 17th December 2024 to expand the scope of mandating 2FA on taxpayers. If your enterprise/business have AATO over Rs.20 crores, use 2FA from 1st January 2025 mandatorily. Likewise, 2FA will be mandatory for businesses with turnover ranging Rs.5 Crore to Rs.20 Crore from 1st February 2025. All taxpayers irrespective of turnover should mandatorily use 2FA for e-invoice and e-way bill generation from 1st April 2025.
- Generate e-way bills within 180 days from the date of the document/invoice starting from 1st January 2025.
- e-Way bill validity extensions will be capped at 360 days from the original generation date from 1st January 2025.
National Informatics Centre (NIC) has implemented the two-factor authentication on its portals such as the e-invoicing portals, NIC1 and NIC2, and e-way bill portal for certain taxpayers. Currently, the 2FA applies to taxpayers using these portals, as follows-
Date of implementation | AATO Threshold | MFA Status |
20th August 2023 | AATO more than Rs.100 Crores | Mandatory |
11th September 2023 | AATO between Rs.20 Crore-100 Crore | Optional to encourage an early adoption |
1st January 2025 | AATO between Rs.20 Crore-100 Crore | Mandatory |
1st February 2025 | AATO between Rs.5 Crore-20 Crore | Mandatory |
1st April 2025 | All taxpayers and users | Mandatory irrespective of turnover. |
*AATO stands for Annual Aggregate Turnover.
Purpose of 2-Factor Authentication
The goods and services tax department has introduced a two-factor authentication process for
- Accessing the e-invoice system and e-way bill system more efficiently, and
- Enabling the e-invoice system to be more efficient and robust, and
- Ensuring a secure environment for accessing the e-invoice/e-way bill system
Quick Video to Learn About NIC Update on 2FA
Modes Available for Two-factor Authentication on The e-Invoice Portal
Two-factor authentication has three different ways to receive the one-time password (OTP). The same are discussed below:
SMS: OTP is shared with the assessee on the registered mobile number as SMS.
Sandes app: Sandes app is a messaging app provided by the Indian government so that assessees can send and receive messages. Assesses can download and install this app with their registered mobile number and can receive a one-time password in it.
NIC GST Shield app: NIC-GST-Shield is a mobile application provided by e-Invoice System/ eWay Bill, so OTP can be generated using this app. NIC-GST-Shield app could be downloaded only from the e-Invoice/ e-Waybill portal. The assessee needs to follow to below steps to use the NIC-GST-Shield mobile app:
- The assessees need to download, install and register this app with their registered mobile number.
- One must ensure that the time displayed in the NIC-GST-Shield app is in sync with the e-Invoice/ e-waybill system.
- On opening this app, a one-time password is displayed.
- The assessee could enter this OTP and continue with the authentication process. Every 30 seconds, the OTP gets refreshed. The assessee doesn’t require internet to generate the OTP on this app.
Steps for Setting Up 2-Factor Authentication
Step 1. On logging into the e-Invoice System, the user needs to go to Main Menu
Step 2. The user then needs to select two-factor authentication and confirm the registration.
Step 3. Once confirmed, the system will ask for a one-time password along with the username and password.
This facility has been introduced on an optional basis. However, it will be made mandatory in near future.
Drawbacks of 2FA Implementation
You must know that in the case of SMS and NIC-GST-Shield app, the OTP is sent to the registered mobile number of the authorised personnel of the GSTIN.
Suppose the invoicing team is not able to readily access such registered mobile numbers for OTP, it can lead to delays in generation of e-invoices/e-way bills, leading to business disruptions.
Alternate Secure Solutions to Avoid 2FA
No 2 Factor Authentication with Clear! Users on Clear e-Invoicing solution and Clear IRP enjoy faster and hassle-free experience of e-invoice and e-way bill generation every time. Here's how-
- With Clear, you will not have to deal with OTPs every time you log in, saving you time and hassle.
- We’ve enabled smart security features to keep your data safe. Our solutions use SSL encryption and have security certifications such as ISO 27001, SOC-2, VAPT, and PCI-compliant.
- We are an approved GSTN IRP provider, ensuring that your e-invoicing and e-way bills are fully compliant.
- You can start generating e-way bills in just 150ms with Clear.
- We maintain a 99.9% success rate in generating IRNs and e-Way bills.
- Our support team is available 24/7 to assist you with any questions or issues.