Page tree
Skip to end of metadata
Go to start of metadata

2-step authentication is a method to secure online accounts. Single Touch Payroll uses 2-step authentication to verify your identity before submitting data to the ATO. It requires you to know something, a password, and possess something, an authentication code created by an app installed on your mobile device, to log in.

The benefit of this approach is that even if someone guesses your password, they also need to be in possession of your mobile device to break into your account. 

Set up 2-step authentication with Google Authenticator on a phone

You will need your iOS or Android device to complete these steps. 

To set up 2-step authentication:

  1. Install the Google Authenticator app on your iOS or Android device.
  2. Open the app and allow it to access your camera.
  3. Tap plus + (iOS) or Begin Setup (Android).
  4. Tap Scan a barcode.
  5. Scan the QR code displayed on your Single Touch Payroll screen.  If you can't scan the QR code, type the key in to the Google Authenticator app. 
  6. Enter the 6-digit verification code displayed in the app and click Verify.

You now have 2-step authentication set up on your mobile device to securely access Single Touch Payroll.

Set up 2-step authentication with the Authenticator Extension in your Google Chrome Browser

If you prefer, you can choose to install the Chrome Authenticator Extension for use with the Chrome browser. Once installed, the Authenticator Extension icon displays on the Chrome Bookmarks Bar. 

  1. Go to the Chrome Authenticator Extension webpage, and click the Add to Chrome button.  The Add "Authenticator" window appears
  2. Click the Add Extension button 
  3. Once the extension is installed, log into your Google account in Google Chrome
  4. Once logged in, If the Bookmarks Bar is not displaying in Google Chrome, navigate to Google Chrome Settings and  select Bookmarks, Show Bookmarks Bar.  The Bookmarks bar appears at the top under the navigation bar at the top of the window
  5. Click the Extensions icon in the top right, and pin the Authenticator extension so it shows on the Bookmarks Bar
  6. Click the Authenticator extension icon, and click the Scan QR Code icon at the top left
  7. Scan the QR code displayed on your Single Touch Payroll screen.  This will then set up the authenticator link to Single Touch Payroll
  8. Double click the 6 digit authenticator code in the Authenticator extension, and paste it into the verification code field and click the verify button.

You now have 2-step authentication set up as an extension in Google Chrome to securely access Single Touch Payroll.

Use 2-step authentication with Single Touch Payroll

To use 2-step authentication:

  • Open Google Authenticator on the device where it is set up.
  • Enter the 6-digit code in the Google Authenticator Code field on the Single Touch Payroll screen and click Verify

Note: The 6-digit verification code updates every 30 seconds and is valid for two minutes. If the time expires, return to your device to get an updated code.

Change your authentication device

If you need to verify using a different device, ask your organisation administrator to cancel your existing 2-step authentication so you can set up another device. 

Cancel 2-step authentication

An organisation administrator can cancel an existing 2-step authentication for an employee.

To cancel an employee's 2-step authentication:

  1. Log in to Attaché Online and select your organisation.
  2. Select the Employees menu.
  3. Find the employee who requested the cancellation by typing the employee's name in the search field.
  4. Click the employee's name.
  5. From the Actions drop-down menu, select Cancel 2-step authentication. Note that this option will show even after cancellation and whether or not two step authentication is set up for the employee.
  6. Review the on-screen information and click Yes.

The employee will receive an email confirming the cancellation. The employee can then set up a different device via the Single Touch Payroll menu.

2-step authentication frequently asked questions

 What are alternative options to the smartphone Google Authenticator App?

If you prefer, you can choose to install the Authenticator Chrome Extension for use with the Chrome browser Once installed, the Authenticator Extension icon displays on the Chrome toolbar. Click the icon to scan the QR code. It also displays your 6-digit google verification code.  See section Set up 2-step authentication with the Authenticator Extension in your Google Chrome Browser above.

Another option is to use an open-source authenticator for Windows, such as WinAuth.

Other alternatives include:

 I cannot scan the barcode while setting up 2-step authentication. What should I do?

If you are having trouble scanning the barcode, manually enter the key on your device. 

  1. In Google Authenticator, tap +.
  2. Ensure that Time-based is selected as the key type.
  3. In Account, type your full email address.
  4. In Key (or Your key), type the key displayed on the Single Touch Payroll screen.
  5. Tap Done/ADD.

Google Authenticator displays the 6-digit verification code.

 Why aren't the Google Authenticator codes working?

If your Google Authenticator codes are not working, check that the time is synced correctly in the app:

  1. Go to the Google Authenticator main menu.
  2. Click Settings.
  3. Click Time correction for codes.
  4. Click Sync now.
  5. The app displays a message confirming the time has been synced. The sync only affects Google Authenticator, your device's date and time settings remain unchanged.

You should now be able to use your verification code to sign in to Single Touch Payroll.

 Do I need an internet connection to use 2-step authentication?

You must have an internet connection to use 2-step authentication. If your internet connection is not available you will not be able to log in to your Attaché Online organisation to enter the verification code.

 What should I do if my phone is lost or stolen?

If your mobile device is lost or stolen change your password immediately via My Profile in Attaché Online.

We recommend your organisation administrator cancels your 2-step authentication from your account. 

 Can I set up multiple devices under my account?

You can set up Google Authenticator to generate verification codes from more than one device.

  1. Install Google Authenticator on all devices you wish to use.
  2. Follow directions as usual to set up 2-step authentication for the mobile app, ensuring to either scan the generated QR code for all devices at the same time or enter the generated secret key on all devices.
  3. Check to ensure all devices are working correctly by entering the verification codes from each device and clicking Verify.

REF: HL0023, HL0027, HL0028 020919   KCS 000048717

Related resources

Learn how to set up 2-step authentication for Single Touch Payroll (2.15 mins video)