Two Factor Authentication for e-Way Bill and eInvoice System
To enhance the security of the e-Way Bill/e-Invoice System, NIC is introducing 2-Factor Authentication for logging in to the e-Way Bill/e-Invoice system. In addition to username and password, OTP will also be authenticated for login.
There are 3 different ways of receiving the OTP. You may enter any of the OTP and login to system. The various modes of generating OTP are explained below:
1. SMS:OTP will be sent to your registered mobile number as SMS.
2. On ‘Sandes’ app: Sandes is a messaging app provided by the government so that you can send and receive messages. You may download and install the Sandes app on your registered mobile number and receive the OTP in it.
3. Using ‘NIC-GST-Shield’ app: ‘NIC-GST-Shield’ is a mobile app provided by eWay Bill /e-Invoice System, so that OTP can be generated by using the app. This app can be downloaded only from the e-Waybill / e-Invoice portal from the link ‘Main Menu → 2-Factor Authentication → Install NIC-GST-Shield’. Download, install and register this app on your registered mobile number. You should ensure the time displayed in the app should be in sync with e-Way bill / e-Invoice system. On opening the app, OTP is displayed. You may enter this OTP and continue the authentication. The OTP gets refreshed after every 30 seconds. You will not require internet or any dependency on the mobile network for generating the OTP on this app.
Registration for 2-Factor Authentication:
On logging to the e-Way bill System go to Main Menu → 2 Factor Authentication and confirm the registration. Once confirmed, the system will ask OTP along with username and password. The OTP authentication is based on individual user accounts. The sub-users of GSTIN will have separate authentication depending on their registered mobile number in the e-Way Bill/ e- Invoice System. Once you have registered for 2 Factor authentication, then the same is applicable for both the e-Way bill and the e-Invoice system.
You may de-register this facility anytime using the link ‘2 Factor Authentication → Registration / Deregistration’. This facility is presently being introduced on optional basis; however, in future, it will be made mandatory.