Two-factor Authentication Devices

The Two-Factor Authentication section of the Admin Platform's user profile lists the devices chosen by the user for two-factor authentication (2FA), which users can manage in their Digital Banking Security Settings. This article describes the three options in this section.

For more information on 2FA in our products, go to Two-factor Authentication. For information on Twilio, go to Our Standard and Optional Third-Party Vendors.

Generate Backup Codes

Select Generate Backup Codes to generate backup codes for a user. Staff users with the permission "Can generate lockout codes user" can generate backup codes for customers. Only Admin-level staff users with the permission "Can generate lockout codes user" can generate backup codes for other staff users in addition to customers. For instructions, go to Generate Backup Codes for Locked Users.
Warning: This is a very high-risk action. You should only generate backup codes for a user if you are absolutely certain they are legitimate.

Communication Method

Select Communication Method to configure whether an end user gets their 2FA code via text message or phone call. A phone number 2FA device can be either a mobile number type that supports SMS texts or a landline/VoIP number type that supports voice calls. Sometimes Twilio's default number type for a given phone number is incorrect; for example, Twilio is sending 2FA codes via text when the number only supports calls. Or, a Google Voice user is getting 2FA codes via call but they want texts.
This option is enabled only for staff users with the permission “Can update 2FA device number type.” This option will not appear for email or app 2FA devices.

To customize the SMS text message that users receive with their 2FA codes, go to Customize the SMS Message.

Twilio CNAM and Voice Call Integrity

2FA is important to securing user accounts and transactions, but users may sometimes overlook or mistrust 2FA verification phone calls, leading to potential security risks and user inconvenience. To ensure the quality and reliability of phone calls, all Narmi customers are automatically registered for CNAM (Caller ID Name) and Voice Integrity with Twilio and its carrier partners. CNAM allows you to brand landline calls with a business name in the Caller ID field, while Voice Integrity ensures your legitimate calls are not mislabeled as spam.

For users who specified a phone number as the device to receive their 2FA verification codes, the following applies (depending on the communication method selected above): 

• Text messages to mobile phones display your financial institution's name.

• Voice calls to landline phones display your institution's name as the Caller ID.

• Voice calls to mobile phones display your institution's phone number and city, but not your institution's name.

• Voice calls to mobile phones do not display a "Spam Risk" label.

• The voice that reads the verification code for phone calls (on both landline and mobile) reads the name of your institution before delivering the code.

• For institutions that only use our Account Opening product, only Staff users see "Narmi" as the caller ID on landline phones.

Search History

Select Search history to view the notification history for each email address or phone number listed in an individual user’s profile. This allows your staff to verify if a user’s 2FA notifications were delivered and see delivery logs for any SMS alerts that the user has set up. Only SMS notification history is shown. Voice call history to landline phone numbers is not shown.

To access notification history, staff users must have the permission "Can view notification history." Admins can access it by default.

Note: This tool is not available in UAT environments because SMS messages are not sent in UAT.

To learn more about this feature, go to Notification History.