Two-factor authentication (2FA) is an extra layer of security that can be added to a user in the Control Panel, making it more difficult for unauthorized users to access your gateway.

When 2FA is enabled on a Control Panel user's account, the user will be required to enter both their normal password and a different code each time they sign in. Users can choose to receive this code via an application on their smartphone or a text message (SMS) to their mobile device.

How to enable 2FA

2FA is not enabled on user accounts by default, and each user must enable it themselves. We encourage you to have all of your Control Panel users enable 2FA for increased security. To enable 2FA, users can follow these steps:

  1. Navigate to Account > My user
  2. Under Two-Factor Authentication click Enable
  3. Enter your password when prompted
  4. Scan the QR code using one of the supported apps on your mobile device, or click Use SMS As Primary
  5. Enter the code you receive on your mobile device to complete the process*

*If you opt to use an app, you will find the initial code within that application. If you chose SMS as your preference, this code will be texted to you.

Signing in with 2FA

Once 2FA is enabled on a user's account, every time they sign into the Control Panel they'll be prompted to enter an authentication code after their password. If they opted to use an authentication app, they'll use the code generated by the app. If they set up SMS as their preferred method, they'll use the code that was texted to them after entering their password.

If a user that selected the app as their preferred method is unable to access the app at the time of login, they can have a code sent to their mobile device via SMS by clicking Text a code instead.

How to Disable 2FA

If one of your users is locked out of the Control Panel, or is unable to access their mobile device at the time of login, your Braintree Account Admin will need to disable 2FA for that user's account:

  1. Log into the Control Panel
  2. Navigate to Settings > Users and Roles
  3. Locate the user and click either the Username, Name, or Email
  4. Under Two Factor Authentication, click Disable

Only users with the Account Admin role will be able to disable 2FA for other users in the Control Panel.

Contact us with questions.

Supported apps

Braintree’s 2FA is compatible with most Time-based One-Time Password (TOTP) applications. TOTP apps automatically generate an authentication code that changes after a certain period of time. Because they do not rely on incoming text messages, they are more reliable than SMS—especially for locations outside the US.

Popular TOTP apps include:

Still have questions?

If you can’t find an answer, contact us