You can enhance the security of the financial operations and business data of your company by enabling two-factor authentication (2FA) for your Payhawk account.
If you’re making payments through Payhawk, the 2FA configuration is mandatory for your account.
If a user has access to at least one account with 2FA enabled, they’ll always log in to Payhawk using 2FA, because 2FA is configured at the account level rather than the user level.
For more information on registering Payhawk accounts, see the article about registering with an email invite or over Active Directory.
Benefits
By adding an extra 2FA security layer, you significantly decrease the risk of account takeover, fraudulent transactions, unauthorized account access, and account hijacking.
Supported 2FA in Payhawk
In Payhawk, the extra 2FA layer provides the following authentication options for employees:
Payhawk app - When enabled for the company, employees will need to authenticate through a trusted device they’ve previously linked to their personal Payhawk account. Upon logging in to Payhawk from another device, they’ll receive a Payhawk mobile app push notification on the trusted device and will have to click on it so that the login can be allowed.
Text message (SMS) - When enabled for the company, employees will need to authenticate directly on the Payhawk web portal or mobile app by using an authentication code sent via SMS. Upon logging in to Payhawk from another device, they’ll receive a six-digit code as an SMS to the verified number with which they first registered in Payhawk.
Email - When enabled for the company, employees will need to authenticate directly on the Payhawk web portal or mobile app by using an authentication code sent via email. Upon logging in to Payhawk from another device, they’ll receive an email with a six-digit code to the email address with which they are registered in Payhawk. This option is available on the latest mobile app version.
Enabling 2FA for Payhawk accounts
When you enable the additional security level for your company’s Payhawk account, employees will be automatically logged out and required to authenticate on their next login.
It’s recommended to enable at least two of the provided authentication methods. This provides a necessary redundancy layer and ensures that team members retain secure access to their accounts even if their primary device is lost, replaced, or temporarily unavailable.
To enable 2FA in Payhawk:
Go to the Settings > Security > Two-factor authentication tab.
Click on Enable for your organization.
In the dialog that opens, switch on the toggle button for the desired extra security level - Payhawk app, Text message (SMS), Email, or all of these.
Click on Enable. As a result, the required authentication method will appear under the Two-factor authentication tab.

The default authentication factor is determined by a priority system based on the enabled methods. The Payhawk app always has the highest priority as the most secure option, followed by text messages (SMS), and finally email, which has the lowest priority. For example, if both SMS and email are enabled, SMS will be set as the default factor, with email serving as a fallback option.
If you haven’t enabled any authentication method for your Payhawk account and you need to preinstall the Payhawk mobile app, reach out to Payhawk Support for further assistance with the setup.
Editing 2FA for Payhawk accounts
To edit the 2FA security settings:
Go to the Settings > Security > Two-factor authentication tab.
In the Available authentication methods field, click on Edit.
Update the authentication methods and click on Save changes.

Disabling 2FA for Payhawk accounts
If you’re using Payhawk to make payments, 2FA cannot be disabled on your account. This ensures the highest level of security.
To disable the extra security authentication:
Go to the Settings > Security > Two-factor authentication tab.
In the Do not use extra security field, click on Disable.
