Update regarding Removal of Email as a 2FA method on Web for Partners

We have temporarily brought back the ability to receive two factor authentication (2FA) codes via Email and disabled the Account Recovery functionality while we work on some enhancements to improve the process of managing requests.

We will send out an update once we’re ready to enable the changes again.

What enhancements will be made?

The following enhancements will be rolled out before the changes are enabled again:

1. The ability to set whether account recovery requests are actioned at the Partner level or Brand level. If it is actioned at the Brand level, Brand Level Users will also be able to action the requests.
   
   
2. The ability to set an Account Recovery Contact who will receive the email notifications for new requests instead of all Partner Level Users being notified
   

What do you need to do?

Review your internal processes‍

To ensure you are prepared for when the changes are enabled again, make sure you know who will handle the requests and how they should be handled. For example, you may want to set up additional workflows and processes.

Prepare your users about the changes‍

Inform your users about the change, reiterating they need to set up either Authentication App or SMS Authentication. For those that have either method already set up but are not using it, have them check everything is up to date i.e. not currently set to a mobile number or authenticator app they no longer have access to.

Recommend your users setup passkeys‍

We recommend users set up a Passkey, as not only does it make logging in easier, but it can also be used in the event that their Authenticator App or SMS Authentication is experiencing issues or they are unable to access their mobile devices.

More information:

Sign in with a passkey - AU | NZ | UK | SG | MY

Set up Two-Factor Authentication (2FA) - AU | NZ | UK | SG | MY