Holders of demat accounts may not be able to log in to their accounts if they do not enable two-factor authentication by September 30, 2022, according to a June 14 circular issued by the National Stock Exchange (NSE).

The circular says that “members shall preferably use biometric authentication” as one of the authentication factors to log on to their demat accounts. The other can be a “knowledge factor” – something only the user knows, like a password or PIN; or a “possession factor” – something only the user has access to, like a one-time password (OTP), security token or authenticator apps on smartphones or desktops. Clients should get the OTP through both email and SMS. In cases where biometric authentication is not possible, the circular mandates, members would have to use a knowledge factor (password/PIN), a possession factor (OTP/security token) and the user ID.

Puneet Maheshwari, Director of online stock trading platform Upstox, says, “Most stockbrokers are following a second authentication factor other than password (such as using a PIN). However, both these factors (i.e., password and PIN) were knowledge factors and cannot be called two different factors for authentication, as mandated by the circular. With the latest circular, the exchanges (NSE and BSE) have reiterated the SEBI’s December 3, 2018, circular on cyber security and cyber resilience framework, which provides for such differentiation in authentication factors. Through the circular, the exchange has now mandated such 2FA for login purposes from September 30, 2022.”

Online stockbroker Zerodha said on its website, “As per new exchange regulations, it is mandatory to enable TOTP 2Factor login on your account before 30th Sep 2022, failing which, you will not be able to log in to Kite (its in-house online trading platform).”

TOTP stands for time-based one-time password. Unlike a traditional OTP that is delivered to you via email or SMS, a TOTP is generated by a TOTP app that is already on your phone. This TOTP is valid only for a short duration – usually 30 seconds – and is regenerated every 30 seconds, said Zerodha.

How to enable two-factor authentication in demat accounts

According to the circular, biometric authentication would be used either with a password/PIN or an OTP/security token. However, where biometric authentication is not possible, then the login to demat accounts must be allowed using a combination of password/pin with OTP/security token.

Maheshwari says, “As biometric authentication for login into demat accounts may not be possible each time, especially in desktop logins, it is likely that stockbrokers may use both password and OTP to enable the login for customers.” One must check with their stockbroker for the method that will be used by them from October 1 to log in to the demat account.

According to Zerodha, to get the TOTP, an individual will have to download one of the following apps on their PC or mobile phone:

a) Google Authenticator

b) Microsoft authenticator

c) Authy

d) Last Pass Authenticator

e) Bitwarden

Users of Upstox will have to enter OTP and PIN. In the case of mobile login, biometrics will be used along with OTP or PIN.

Source link

By fintax360

We Fintax360 team simplify finances and taxes for millions of Indian businesses and people. We educate them about finances, taxes and improve their relationship with money.

Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: