E-Bayar Secure 2FA FAQs

Main terms and concepts

First of all, let's quickly get on the same page with the main terms and concepts. If you're familiar with all of them, just skip to the main part.

What is 2-factor authentication?

Better writers have written better articles about it; here's a link to one of them.

Are 2-factor authentication and 2-step verification the same thing?

Technically, no. 2FA is based on the concept of using two different authentication 'factors': 'something I know' (a password, a PIN code, a verification code), 'something I have' (a mobile phone, a hardware authentication token, a printed code), and 'something I am' (fingerprint, iris, face). So, two-factor authentication combines two different types of authentication method: a password and a hardware token, a PIN code and face recognition, etc.

Google 2-step verification is a combination of two authentication steps that technically relate to the same factor. For example, a password and a verification code sent to your mobile phone are both still 'something I know', not 'something I have', since the code can theoretically be intercepted in a man-in-the-middle attack. However, it is still safer to use two steps of verification than just one, as it doubles the work for the attackers.

E-Bayar enables 2FA with an SMS or an authenticator app on your phone.

What is the E-Bayar Secure 2FA key?

E-Bayar's Secure 2FA key is a letter code that is generated together with a QR code when you enable 2-factor authentication in your E-Bayar account. You need it to connect the authenticator app on your phone or other device to your account. We strongly suggest that, before you enable 2FA, you save the Secure 2FA key, take a screenshot of the QR code, and keep them safe, preferably offline. If you ever lose your phone, it will be much easier to restore your E-Bayar OTP token and access your account.

For the SMS method, a 6-character combination of digits and numbers is sent to your registered mobile phone number (currently only Malaysian mobile phone numbers are supported).

What is an OTP-token?

Simply put, an OTP-token (one-time password token) is a 6-digit code generated in your authenticator app for a specific account. You can find more information about OTP tokens here.

Can I use the QR code or 2FA key twice?

Yes, you can. And it's a good thing since it allows you to restore your OTP-token account on a different device and even in a different authenticator app in case you lose access to your old one.

Can I use both SMS and 2FA Key?

No. You need to choose only one method. At the moment, users with a registered international mobile phone number are required to use an authenticator app.

For users with a registered Malaysian mobile phone number, the default 2FA method is SMS, but you can choose to use an authenticator app by changing the 2FA method in the security section of your profile.

How do I enable 2FA in my E-Bayar account?

By default, all users with a registered Malaysian mobile phone number will receive the OTP code by SMS. If you choose an authenticator app, please follow the guide below:

Step 1. Install the authenticator app on your phone. It can be Google Authenticator, Authy, whatever you choose.

Step 2. Enable 2FA in your E-Bayar account (automatic)

  • In the E-Bayar website: once you enter your username and password, you will see a QR code and a Secure 2FA key.
  • Install the authenticator app (if you have not done so already).
  • Open the authenticator app on your phone and scan the QR code on your desktop with your phone. You can also manually input the 2FA key into the authenticator app if your scanner is not working or you are using your mobile phone to open the E-Bayar portal.

Step 3. The authenticator app will generate a 6-digit code that you need to input into your E-Bayar account to enable 2FA.

Now, if you log out of your E-Bayar account, you will only be able to get back in if you input your login and your password (that's usual) and the 6-digit code generated in the authenticator app. That's it. No other options.

I uninstalled the authenticator app. How do I get to my account now?

If you enabled the authenticator 2FA method, you need to input the 6-digit code to enter your account. You can get that code in the E-Bayar account of your authenticator app. If you uninstalled the app on your phone, you need to reinstall it from the app store. The accounts that you stored in your authenticator app, including the E-Bayar account, should be accessible once you log in to your authenticator.

Please take a look at the special instructions for Authy users below.

I upgraded the OS in my phone. How do I access the authenticator?

You need to reinstall the authenticator in the upgraded OS. Download the app from the app store and log in to your authenticator. Your previously stored accounts, including the E-Bayar account, should be accessible and the codes generated with it will be valid.

Please take a look at the special instructions for Authy users below.

I changed my phone number. What do I do now?

If you have changed your phone number, but not the device itself, you shouldn't have problems accessing your authenticator app since it does not require access to the Internet or mobile network. However, you should change the phone number to your new one in the authenticator settings.

For Google Authenticator, you need to change the phone number in the Google account settings. Here's how you do it.

For Authy, you can change the phone number in the app settings. Here's how you do it.

If your 2FA method is SMS, you need to contact the E-Bayar administrator to change your registered mobile phone number.

I changed my phone (the device). How do I get my codes now?

If you have changed your phone, but still use the same phone number and the same account on the app store, you need to install the authenticator on a new device. When you do so, your accounts should be accessible through the authenticator app.

Please take a look at the special instructions for Authy users below.

I changed my phone and the phone number. What do I do to use the authenticator?

You need to reinstall the authenticator app on your new device with the same app store account. When you do so, your accounts should be accessible through the authenticator app. Then, change your phone number in the authenticator settings.

For Google Authenticator, you need to change the phone number in the Google account settings. Here's how you do it.

For Authy, you can change the phone number in the app settings. Here's how you do it.

Also, take a look at the special instructions for Authy users below.

I lost my phone. What do I do?

It depends on whether you have saved your E-Bayar 2FA key / QR code.

If you have saved your E-Bayar 2FA key, install an authenticator app on a new device, connect it to the E-Bayar account by scanning the same QR code that you used to connect the previous version of your authenticator app, and use the code it generates to log in to your account.

If you haven't saved your E-Bayar Secure 2FA key, you need to get access to your old authenticator account and get the E-Bayar code there.

You can also contact the E-Bayar administrator to reset your 2FA key.

If you used Google Authenticator, here are the official instructions from Google.

If you used Authy, here's what they suggest.

Special instructions for Authy users

Please note that to restore your accounts in Authy, you will need your old phone number and the backup password, so please make sure that you have enabled Authy's backup recovery. If you haven't, you won't have access to your previous Authy account, and consequently to your E-Bayar OTP-token (6-digit codes). In this case, the only way to restore your account is to use the Secure 2FA key or the QR code that you used to enable 2FA in the E-Bayar account, or to contact the E-Bayar administrator.

 

I haven't found the answer to my questions here

Well, that's unfortunate but quite possible. If you haven't found what you were looking for in this FAQ, describe your issue in the Contact Us section and we will try to help you.

© Copyright E-Bayar Kerajaan Negeri Melaka 2019 version 2.0
