Can two-factor authentication (2FA) be customized for individual users or groups in Payhawk?

Two-factor authentication (2FA) in Payhawk is an important security feature designed to protect organizational accounts and ensure compliance with regulatory standards.

2FA functionality in Payhawk

Two-factor authentication (2FA) is enforced at the company or entity level in Payhawk. This means that when 2FA is enabled, all members of an entity are required to set it up to access their accounts. It is not managed or customizable at the individual user level.

Application across users

  • When 2FA is enabled for an entity, it cannot be selectively applied to some users while disabled for others.

    For example, 2FA cannot be disabled only for specific employees, administrators, or groups within a company. This consistent application ensures that the organization’s entire user base adheres to the same security standard.

  • 2FA also cannot be turned off for a single user or managed on a per-user basis, which is a deliberate policy choice to enhance system-wide security.

Policy implications and regulatory requirements

2FA is required for all users in Payhawk as part of compliance with banking regulations. These regulations mandate security controls, such as the enforcement of 2FA across all account holders, to ensure the safety of sensitive financial and user data. As such, 2FA is automatically applied at the account level.

Once 2FA is enabled for an entity, it cannot be fully disabled. Users and administrators can adjust certain methods, such as switching from SMS verification to app-based authentication, but there is no option to completely deactivate 2FA for an entity.

Options for method adjustments

While 2FA must remain enabled for the entire organization, administrators can configure which authentication methods are available.

For instance, they can disable specific methods, such as SMS verification, and guide employees toward preferred options, such as app-based authentication. These settings can be managed under Settings > Security > Two-Factor Authentication.