We provide an extra layer of security for users to add to their accounts on Cowrywise using token-based two-factor authentication (2FA). This is in addition to the use of passwords and PIN but will specifically apply to authorising transactions via a one-time passcode (token).
While SMS can indeed be used as a means of 2FA, it's a bad idea. SMS messages can be hacked and spoofed easily by spammers. They can also be socially engineered to make the recipient provide the code sent to the phone using MITM (Man In The Middle) attack patterns. With token-based 2FA, the approval codes can only go to a registered device.
How to set up 2FA:
From profile go to the security screen to find the 2FA option and toggle it on.
Enter your PIN and set your security questions*.
Proceed to connect your account to an authenticator app. We recommend Google Authenticator.
Enter the OTP code on the Cowrywise app to complete the connection. (You will see a screen saying you’re good to go if the connection is successfully completed).
Once 2FA is set on your account, you will need to get an OTP from your authenticator app to complete transactions on your Cowrywise account.
*Note: security questions cannot be changed and we don't store it. Make sure to store it somewhere secure for your use. Security questions will also be used for other security-related actions on Cowrywise
How to Manually set up 2FA
If you’re using another authenticator app separate from Google Authenticator or want a manual setup, follow these steps after turning on the button:
Select the setup manually option
Copy the key (tap the box it’s in to copy it)
Go to the authenticator app (if this is the first account you’re adding to the authenticator select “Begin Setup, then manual entry”. If you’ve been using the authenticator app previously, select the plus sign on the screen, then manual entry”)
Enter the email address and the copied key, (make sure the time-based option is toggled on) and then save. An OTP will be generated for you
Go back to the Cowrywise app to click continue.
Enter the OTP generated for you on the authenticator app and you should be all set up
How to Turn off 2FA:
Click the 2FA button to toggle it off
Enter your PIN
Select the “Yes, turn off 2FA” option
Enter the answers to your security questions
(We only advise turning 2FA off if you lose your phone)
How to Reset 2FA:
When you turn off 2FA on your Cowrywise account, turning it on again will mean that you’re resetting it. The previous account link you did on Google Authenticator will no longer be valid. To reset, you can either:
First, go to Google Authenticator to delete the initial connection.
At the point of setting it up again, you will be redirected to GA to add your email address, click okay to save the key and then click replace on the “account already exists” modal.
Do let us know if you have any questions.