Two factor authentication in E way bill where AATO is 20 Cr or more
The GST E-Way Bill System has issued an important update dated November 6, 2023. Starting from November 20, 2023, taxpayers with an Annual Aggregate Turnover (AATO) of Rs 20 Crore and above are required to implement Two-Factor Authentication (2FA). To ensure smooth management of E-Way Bill (EWB) activities, users are urged to complete the 2FA registration and establish sub-users.
In an effort to bolster the security of the E-Way Bill and E-Invoice System, NIC is introducing a Two-Factor Authentication mechanism for logging in. In addition to the traditional username and password, this new system will require users to authenticate using a One-Time Password (OTP).
This OTP can be received through three different channels:
- SMS: The OTP will be sent to your registered mobile number via SMS.
- ‘Sandes’ App: You can download and install the ‘Sandes’ messaging app, provided by the government, on your registered mobile number to receive the OTP.
- ‘NIC-GST-Shield’ App: This mobile app, offered by the E-Way Bill/E-Invoice System, enables OTP generation. It can be downloaded exclusively from the E-Waybill/E-Invoice portal via the link ‘Main Menu 2-Factor Authentication Install NIC-GST-Shield’. After installation and registration, ensure that the app’s time is synchronized with the E-Way Bill/E-Invoice system. When you open the app, an OTP will be displayed, and you can use it for authentication. This OTP refreshes every 30 seconds, and it doesn’t require an internet connection or mobile network dependency for OTP generation.
To register for Two-Factor Authentication, access the ‘Main Menu 2 Factor Authentication’ after logging into the E-Way Bill System and confirm the registration. Once confirmed, the system will prompt for OTP in addition to your username and password. OTP authentication is specific to individual user accounts, and sub-users of GSTIN will have separate authentication based on their registered mobile numbers in the E-Way Bill/E-Invoice System. It’s worth noting that while this 2FA facility is currently optional, it will become mandatory in the future. Users can also choose to deregister this facility at any time using the ‘2 Factor Authentication Registration/Deregistration’ link.
[pdf_attachment file=”1″ name=”optional file name”]