Security Settings

Updated
  • 2 minute(s) read
Prev Next

Staff members can set up two-factor authentication on their accounts for enhanced security. This feature adds an extra protection layer by requiring verification from a trusted device, ensuring account access even if your password is compromised. To enable two-factor authentication, log in to your staff account in Narmi Command, then select the profile menu > Security.

Narmi Command sidebar with the Security option highlighted..

The page that appears shows whether two-factor authentication (2FA) is “Active” or “Inactive” for the logged-in staff user. “Active” means the staff user has a valid 2FA method and “inactive” means they do not have a valid 2FA method. Note: If your institution requires a 2FA method, this is always “Active,” as the staff user must have at least one valid 2FA method.

Security page showing account authentication methods including two-factor authentication and recovery codes.

To set up two-factor authentication, select one of the four authentication methods:

  • Authenticator – Use this method to enter verification codes generated by time-based one-time password (TOTP) apps, such as Google Authenticator, Duo Mobile, or Microsoft Authenticator.

    To add an authenticator app:

    1. Select Authenticator > Authenticator.
      Interface showing "Authenticator" with a plus sign next to it. Help text describes getting verification codes from an authenticator app, even when offline.

    2. Use the authentication app to scan the QR code that appears, then select Next.

      Onscreen instructions for adding an authenticator using a QR code in the app.

    3. Enter the 6-digit code generated by the app, add an optional nickname, and then select Verify.

      Input fields for adding an authenticator with instructions for entering a code.
      A confirmation appears once successfully verified, and the app is added to the list. Select the three dots to Edit the nickname or Delete the app.
      Instructions for using an authenticator app with options to edit or delete.

  • Recovery codes – When you cannot access any of your enabled devices and can't receive a two-factor authentication code, select Recovery codes > Get Recovery codes to get ten backup codes. Each code can only be used once.
    Instructions to generate backup codes for secure sign-in access.
    On the page that appears, record the recovery codes and store them in a secure location. See Using Recovery Codes for instructions.
    List of ten recovery codes available for secure sign-in access.
    If you need to regenerate the codes at a later date, select the refresh icon. Note: This will invalidate any previous recovery codes.

    Interface with refresh icon highighted.

  • Phone verification – Use this method to receive verification codes by Short Message Service (SMS) text on a mobile phone or by voice call on a landline phone. Texts will include your financial institution's short name for additional security and a better user experience. To customize the wording of the text message, go to Customize the SMS Message. Only U.S. phone numbers are supported (international phone numbers are not supported). Those without access to a U.S. phone number can add an authentication app, like Google Authenticator.

    To add a phone number:

    1. Select Phone verification > plus sign.
      Phone verification prompt with plus sign highlighted.

    2. Enter a U.S. number and select how you would like to receive the code: Text or Call.
      Phone number verification prompt with options for receiving a verification code.

    3. Enter the code received and select Verify.

      Phone number verification prompt requesting a code for authentication.


      A confirmation message appears, and the phone number is added to the phone verification list. Select the three dots to Edit the verification method (Text or Call) or Delete the phone number.
      Phone verification section showing a verified number and options to edit or delete.

  • Email verification – Use this method to receive verification codes at the email address on file. Note: We recommend using the Authenticator or Phone verification methods instead, as email verification is the least secure of the available 2FA methods.
    After selecting Email verification, select Verify email. Enter the code sent to your email address, and select Verify.

    Email verification prompt requesting a 6-digit code for account confirmation.


    A confirmation message appears once successfully verified.

Related articles