Understanding Mercury 2FA

An introduction to two-factor authentication

Two-factor authentication (2FA) is a modern security practice used by a growing number of websites and institutions online. In addition to your email and password (the “first” factor), many organizations will require an additional authentication method (the “second” factor) to ensure that you, and only you, are accessing your account.

This second authentication method factor can be any number of things – a 6-digit code delivered via SMS (very common, but also potentially insecure), a hardware token, a fingerprint (or face scan), or even voice-based delivery. Increasingly, many organizations use TOTP (a time-based one-time password) – this allows users to generate a code on their phone, laptop, or smartwatch, even if the device isn’t connected to the internet. The code changes every 30 seconds, which makes hackers’ attempts to gain unauthorized access much less successful.

In general, you’ll provide the TOTP code after you enter your email and password, although this process can vary per institution.

2FA @ Mercury

Mercury cares deeply about your account’s security, so we require you to maintain an additional authentication method. While you can choose any of the authentication methods mentioned above, the most basic requirement is that you set up a 2FA app. When you log into mercury.com (or the mobile app) after a period of inactivity, or if you login from a device we haven’t seen before, you’ll be prompted to use the 2FA app to generate a 6-digit security code – this is 2FA in action.

The Mercury mobile apps (iOS, Android) have 2FA support built-in - this means that your Mercury app can generate that 6-digit 2FA code and act as your additional authentication method when logging in, either on mobile or web.

Do I have to use the Mercury iOS/Android app as my 2FA app?

We’re biased and we think our iOS/Android apps are the easiest way for most users to generate those 6-digit 2FA codes, but we also believe the best security is the one you’re comfortable using.

If you’re already using another 2FA app – Authy, Google Authenticator, LastPass, 1Password, etc. – then feel free to use that for Mercury too.

Setting up 2FA

We’ve got a separate article for setting up 2FA - see that here.

How do I use Mercury 2FA?

Great question! We’ve got an article for using Mercury 2FA here.

Did you find this article helpful?