Two-factor Authentication is an extra layer of security where a trusted device ensures that only you are accessing your account, even if someone else knows your password. To configure two-factor authentication for your staff account, go to Narmi Command > profile menu > Security.
The page that appears shows whether two-factor authentication (2FA) is “Active” or “Inactive” for the logged-in staff user. “Active” means the staff user has a valid 2FA method and “inactive” means they do not have a valid 2FA method. Note: If your institution requires a 2FA method, this is always “Active,” as the staff user must have at least one valid 2FA method.
To set up two-factor authentication, select one from four authentication methods:
Authenticator – Use this method to enter verification codes generated by time-based one-time password (TOTP) apps, such as Google Authenticator, Duo Mobile, or Microsoft Authenticator.
To add an authenticator app:Select Authenticator > Authenticator.
Use the authentication app to scan the QR code that appears, then select Next.
Enter the 6-digit code generated by the app, add an optional nickname, and then select Verify.
A confirmation appears once successfully verified, and the app is added to the list. Select the three dots to Edit the nickname or Delete the app.
Recovery codes – When you cannot access any of your enabled devices and can't receive a two-factor authentication code, select Recovery codes > Get Recovery codes to get ten backup codes. Each code can only be used once.
On the page that appears, record the recovery codes and store them in a secure location. See Using Recovery Codes for instructions.
If you need to regenerate the codes at a later date, select the refresh icon. Note: This will invalidate any previous recovery codes.
Phone verification – Use this method to receive verification codes by Short Message Service (SMS) text on a mobile phone or by voice call on a landline phone. Texts will include your financial institution's short name for additional security and a better user experience. To customize the wording of the text message, go to Customize the SMS Message. Only U.S. phone numbers are supported (international phone numbers are not supported). Those without access to a U.S. phone number can add an authentication app, like Google Authenticator.
To add a phone number:Select Phone verification > plus sign.
Enter a U.S. number and select how you would like to receive the code: Text or Call.
Enter the code received and select Verify.
A confirmation message appears, and the phone number is added to the phone verification list. Select the three dots to Edit the verification method (Text or Call) or Delete the phone number.
Email verification – Use this method to receive verification codes at the email address on file. Note: We recommend using the Authenticator or Phone verification methods instead, as email verification is the least secure of the available 2FA methods.
After selecting Email verification, select Verify email. Enter the code sent to your email address, and select Verify.
A confirmation message appears once successfully verified.