E-Bayar Secure 2FA FAQ's
First of all, let's quickly get on the same page with the main terms and concepts. If you're familiar with all of them, just skip to the main part.
Better writers have written better articles about it, here's a link to one of them.
Technically, no. 2FA is based on the concept of using two different authentication 'factors': 'something I know' (a password, a pin-code, a verification code), 'something I have' (a mobile phone, a hardware authentication token, a printed code), and 'something I am' (fingerprint, iris, face). So, two-factor authentication combines two different types of authentication method: a password and a hardware token, a pin-code and a face recognition etc.
Google 2-step verification is a combination of two authentication steps that technically relate to the same factor. For example, a password and a verification code that is sent to your mobile phone is still 'something I know', not 'something I have' since a code can be theoretically intercepted by the man-in-the-middle attack. However, it is still safer to use two steps of verification than just one, as it doubles the work for the attackers.
E-Bayar's Secure 2FA key is a letter code that is generated with a QR code when you enable 2-factor authentication in your E-Bayar account. You need it to connect the authenticator app in your phone or other device to your account. We strongly suggest that before you enable the 2FA, you save the Secure 2FA key and take a screenshot of the QR code and keep them safely, preferably offline. If you ever lose your phone, it will be so much easier to restore your E-bayar OTP token to access your account.
For SMS method, a 6 character combination of digit and number is sent to your registered mobile phone number (currently only supported for Malaysian mobile phone number).
Simply put, an OTP-token (one time password token) is a 6 digit code generated in your authenticator app for a specific account. You can find more information about OTP tokens here.
Yes, you can. And it's a good thing since it allows you to restore your OTP-token account on a different device and even in a different authenticator app in case you lose access to your old one.
No. You need to choose only one method for this. At the moment, for user with registered international mobile phone number is required to use authentication app.
For user with Malaysian registered mobile phone number, by default your 2FA method is SMS but you can choose to use authenticator application by changing the 2FA method in your profile's security section
By default all user with Malaysian registered mobile phone number will receive OTP code in your SMS. If your choose authentication app, please follow the guide below:
Step 1. Install the authenticator app on your phone. It can be Google Authenticator, Authy, whatever you choose.
Step 2. Enable 2FA in your E-Bayar account (automatic)
Step 3. The authenticator app will generate a 6 digit code that you need to input into your E-bayar account to enable the 2FA.
Now, if you log out of your E-bayar account, you will only be able to get back in if you input your login and your password (that's usual) and the 6 digit code, generated in the authenticator app. That's it. No other options.
If you enabled 2FA authenticator, you need to input the 6 digit code to enter your account. You can get that code in the E-bayar account of your authenticator app. If you uninstalled the app on your phone, you need to reinstall it from the app store. The accounts that you stored in your authenticator app, including the E-bayar account, should be accessible once you login into your authenticator.
Please take a look at the special instructions for Authy users below.
You need to reinstall the authenticator in the upgraded OS. Download the app from the app store and login to your authenticator. Your previously stored accounts, including the E-bayar account, should be accessible and the codes generated with it will be valid.
Please take a look at the special instructions for Authy users below.
If you have changed your phone number, but not the device itself, you shouldn't have problems accessing your authenticator app since it does not require access to the Internet or mobile network. However, you should change the phone number to your new one in the authenticator settings.
For Google Authenticator, you need to change the phone number in the Google account settings. Here's how you do it.
For Authy, you can change the phone number in the app settings. Here's how you do it.
If your 2FA method is SMS, you need to contact E-bayar administrator to change your registered mobile phone number.
If you have changed your phone, but still use the same phone number and the same account on the app store, you need to install the authenticator on a new device. When you do so, your accounts should be accessible through the authenticator app.
Please take a look at the special instructions for Authy users below.
You need to reinstall the authenticator app on your new device with the same app store account. When you do so, your accounts should be accessible through the authenticator app. Then, change your phone number in the authenticator settings.
For Google Authenticator, you need to change the phone number in the Google account settings. Here's how you do it.
For Authy, you can change the phone number in the app settings. Here's how you do it.
Also, take a look at the special instructions for Authy users below.
It depends on whether you have saved your E-Bayar 2FA key / QR code.
If you have saved your E-Bayar 2FA key, install an authenticator app on a new device, connect it to the E-Bayar account by scanning the the same QR code that you used to connect the previous version of your authenticator app and use this code to login to your account.
If you haven't saved your E-Bayar Secure 2FA key, you need to get access to your old authenticator account and get the E-bayar code there.
You can also contact E-Bayar Administrator to reset your 2FA Key
If you used Google Authenticator, here are the official instructions from Google.
If you used Authy, here's what they suggest.
Please note that to restore your accounts in Authy, you will need your old phone number and the backup password, so please make sure that you have enabled Authy's backup recovery. If you haven't, you won't have access to your previous Authy account, and consequently to your E-bayar OTP-token (6 digit codes). In this case, the only way to restore your account is to use your Secure 2FA key or the QR code that you used to enable 2FA in the E-bayar account or contact E-bayar Administrator.
Well, that's unfortunate but quite possible. If you haven't found what you were looking for in this FAQ, describe your issue in a contact us section and we will try to help you.
Official Portal
of the Melaka State Goverment.
Pengurusan Aduan Awam
report your complaints.
Intranet System
Melaka*Net.
+606-3333333 ext 7656/7749
Bahagian Teknologi Maklumat Dan Komunikasi
Aras 1, Blok Temenggong,
Seri Negeri, Hang Tuah Jaya,
75450 Ayer Keroh, Melaka
MALAYSIA