With various security measures readily available on Cowrywise, why do you need two-factor authentication (2FA)? Yes, no one can access your account without your password or PIN. Also, they cannot withdraw into account details that don’t match your BVN (which cannot be edited once added).
Regardless, our job is to continuously think ahead and protect you from potential attacks. A potential attack that is usually ignored is from people close to us. It is easy for them to guess passwords, log in on a separate device and wreak havoc before we even notice.
Check this extensive guide on the operations of digital fraudsters
To kill such attempts, we are excited to announce that you can now activate an extra layer of security on your Cowrywise account. With this layer, to initiate a bank withdrawal or Stash transfer, you’ll need a unique one-time code that can only be generated on your phone.
What is Two-Factor Authentication (2FA)?
Two-factor authentication (2FA) is an identification system that requires a combination of at least two of the following:
- What you know: a password, PIN
- What you have: your smartphone, hardware token, hardware keys
- What you are: biometrics – fingerprint scan, retina scan
Usually, for ease and flexibility, 2FA is implemented with a combination of what you know and what you have.
Isn’t SMS also used for 2FA?
While SMS can indeed be used as a means of 2FA, it’s a bad idea. SMS messages can be hacked and spoofed easily by spammers. Recipients can also be socially engineered into handing over the code sent to their phone, using man-in-the-middle (MITM) attack patterns.
Receiving codes via SMS also doesn’t exactly prove your ownership (what you have) of the device it is received on. SIM cards can be easily cloned or swapped, SMS messages can be easily read by a malicious app you’ve given permission to access your messages, and so on. The same applies to emails.
App-based 2FA involves using an authenticator (an app installed on your phone) to generate unique codes known as tokens. The app doesn’t need your device to be connected to the internet to generate these codes. Each code (usually 6 digits) is generated from the current time and is valid only for a short period, so you don’t have to remember it.
In context, to access a withdrawal on Cowrywise, you’ll need two distinct forms of identification–your PIN and one-time access code in this case. After entering your PIN, we’ll request the code generated by an authenticator app. Only then can the withdrawal be approved.
How to set up Two-factor Authentication (2FA) for your account
The Cowrywise app makes use of a third-party service provider for verification: Google Authenticator. Follow these steps to get started:
- Download the updated Cowrywise app.
- From your profile, go to the security tab and switch on 2FA.
- Enter your PIN and set your security questions*.
- Proceed to connect your account to an authenticator app. We recommend Google Authenticator.
- Enter the OTP code from the authenticator app on the Cowrywise app to complete the connection.
After this, you will need an OTP from your authenticator app to complete transactions on your Cowrywise account.
*Note: security questions cannot be changed and we don’t store them. Make sure to store answers somewhere secure for your use. Security questions can be used to reset your authenticator app when you switch devices and other security-related actions on Cowrywise.
Frequently Asked Questions on Two-Factor Authentication
What happens if I change or lose my device?
You can simply reset 2FA on your account with your security questions, then set it up on a new device. Until the reset is done, you won’t be able to make transactions, and this is where your security questions come in.
Is two-factor authentication necessary?
Without your password and PIN, no one can make a transfer out of your Cowrywise account. This would have been sufficient if people couldn’t hack your emails and reset your password or PIN. 2FA provides an extra layer of security unique to your device alone.
How do I turn off two-factor (2FA) authentication?
Even though we do not advise this, you can. To do so, toggle the 2FA button to switch it off. Your security questions will be asked to approve this process. A good time to turn off 2FA is when your device is stolen or lost.
If you have any other questions, do let us know in the comments. We’ll respond swiftly.