Edit two-step authentication (2FA)

A two-step authentication process adds an extra layer of security, utilising a mobile device to verify that it is you who is accessing the service.

When you set up two-step authentication you would have defined both:

• the second authentication method using an authenticated device; and
• the recovery method in case you no longer have access to the authenticated device.

If you edit the two-step authentication (2FA) authentication method, you may:

1. swap the two-step authentication methods;
2. change the authenticator app to another authenticator app; or
3. change the mobile you are using to receive an SMS, to another mobile.

If you edit the two-step authentication (2FA) recovery method, you may:

1. swap the recovery methods;
2. change the recovery email to another recovery email; or
3. regenerate the recovery codes.

Edit two-step authentication (2FA) authentication method

Use these instructions when you wish to:

1. swap the two-step authentication methods;
2. change the authenticator app to another authenticator app; or
3. change the mobile you are using to receive an SMS to another mobile.

Before proceeding ensure you are signed in. If you need assistance signing in, please read the sign-in chapter and sign in to the required online service.

Step 1: The authentication method associated with two-step authentication (2FA) can be edited via the “Manage my account” function which is available from within the online service.

• Click on the “Manage my account” option under your name, located in the top right corner.
• Or, if you are a FuelWatch subscriber you can click on “Manage my account” after clicking on your name located in the top right corner.

Step 2: In the “Manage my account” page, click on the “Edit two-step authentication” link.

NOTE:  This link will only be visible if two-step authentication is turned on. If you wish to turn on two-step authentication, refer to the set up two-step authentication chapter.

Step 3: Click on the “Edit authentication method” link, located on the right side of the page.

Step 4: You should now see the “Choose authentication method” page.

Ensure you have your mobile device available.

Next, choose which authentication method you want to use:

1. An authenticator app is the most secure of the available methods and is the recommended option.

   However, you must have a smartphone or a device (tablet, iPad) capable of running the authenticator app.

   If you do not already have an authenticator app installed on your device, you will be asked to install the authenticator app during the set-up process.

OR;

2. You can elect to receive an SMS text to your mobile with a unique code that you will enter when signing in.

Once you have decided on the authentication method you will use, select the required option and then click on the “Continue” button located at the bottom of the page.

Step 6: You will now see the “Configure authenticator app” page.

You will receive a warning notice. Please read and then click “Yes” if you wish to proceed or “No” to discontinue the process.

Step 7: Do you have an authenticator app installed on your mobile device?

If you do not, then you must install an authenticator app on your device now.

There are a number of authentication apps available on the market. You can find an authenticator app by going to the Google, Microsoft or Apple app stores and searching “authenticator app”. Please select an app that is well-rated. We do not recommend one over the other.

Step 8: Once you have installed the authenticator app, use the authenticator app to scan the QR code on the page.

Step 9: Open your authenticator app to get the generated verification code.

Enter the code into the “Verification code” field and click on the “Verify code” button located underneath the “Verification code” field.

Step 10: You will now see the “Verify my mobile number” page:

• confirm the country code, located in the first field, is correct (assuming the customer is located in Australia, this field should display “Australia (+61)”);
• change your mobile number in the “Mobile number” field; and
• click on the “Send code” button located underneath the “Mobile number” field.

Step 11: You will now see the “Verify my mobile number” page requesting you enter a verification code.

REMINDER: You must keep this page open while checking your mobile device.

Step 12: Check your mobile device for a six (6) digit verification code.

REMEMBER: It can take several minutes for an SMS to be delivered.

If you did not receive the SMS:

• Make sure you have entered the correct mobile number for the SMS. If the wrong mobile number was entered, clear the mobile number field, enter the correct number and click on the “Send code” button again.
• Check your network is available.
• If there is still no SMS, get a new verification code by clicking on the “Get new code” button, however note that any previous verification code(s) sent will no longer work.

Step 13: Enter your six (6) digit verification code into the “Verification code” field, and then click on the “Verify code” button.

Should you receive an error message, such as “The specified verification session is invalid or may have expired”, then:

• Click on the “Get new code” button, located to the right of the “Verify code” button.
  • Another text message will be sent to your mobile device. Ignore any previous codes sent and enter this new code into the “Verification code” field; and
  • Click on the “Verify code” button.

Step 14: You will now see the “Verify my mobile number” page with your correct mobile number displayed in the “Mobile number” field.

Confirm the supplied mobile number is correct, and save it by clicking on the “Continue” button.

Clicking on the “Back” button will enable you to go back and change your mobile number.

Step 15: You will now be directed to the “Thank you” page, confirming the authentication method associated with your two-step authentication has been edited.

Click on the “Continue” button.

Step 16: You will be returned to the “Manage my account” page.

From here you can click on the “Back to” button, located at the top of the “Manage my account” page. This will return you to the online service.

Edit two-step authentication (2FA) recovery method

Use these instructions when you wish to:

1. swap the recovery methods;
2. change the recovery email to another recovery email; or
3. regenerate the recovery codes.

Before proceeding ensure you are signed in. If you need assistance signing in, please read the sign-in chapter and sign in to the required online service.

Step 1: The two-step authentication (2FA) recovery method can be edited via the "Manage my account" function which is available from within the online service.

• Click on the "Manage my account" option under your name, located in the top right corner.
• Or, if you are a FuelWatch subscriber you can click on "Manage my account" after clicking on your name located in the top right corner.

Step 2: In the "Manage my account" page, click on the "Edit two-step authentication" link.

NOTE: This link will only be visible if two-step authentication is turned on. If you wish to turn on two-step authentication, refer to the set up two-step authentication chapter.

Step 3: Click on the "Edit recovery method" link, located on the right side of the page.

Step 4: Enter your password and click on the "Continue" button

Step 5: You will now see the "Choose a recovery method" page.

A recovery method enables you to access your account in the event you lose your mobile phone (or other authenticated device). It ensures that in the event of a lost or non-functional device, you can go through a simple yet secure process to recover your account.

Select your recovery method by clicking on the radio button for either:

• "via a secondary email address"; or
• "via recovery codes"; and

Click on the "Continue" button located at the bottom of the page.

If you have selected:

• "via a secondary email address" go to Step 6.
• "via recovery codes" go to Step 11.

Step 6: Enter your secondary email address into the "Recovery email" field and click on the "Send code" button, located at the bottom of the page.

Step 7: You will now see the "Verify recovery email" page requesting you enter a verification code.

REMINDER: You must keep this page open while checking your recovery email.

Step 8: Check your secondary email address and confirm you have received an email titled "recovery email verification code".

REMEMBER: It can take up to 10 minutes for the email to be delivered.

If you did not receive the email:

• Make sure the correct email address was entered. If the wrong email address was entered, clear the email field, enter the correct email and click on the "Send code" button again.
• Check your Junk, Spam or Trash folders.
• Confirm that you are looking at the secondary email inbox.
• If there is still no email, get a new verification code by clicking on the "Get new code" button, however, note that any previous verification code(s) sent will no longer work.
• If, after 20 minutes the email still has not been received, there may be a technical issue. In this instance, please contact us for further assistance. Contact details can be found in the Need further assistance? chapter.

Step 9: Enter the verification code you received in your email and click on the "Verify code" button.

NOTE: You have 20 minutes from when the email was sent, to enter the verification code and click on the "Verify code" button.

Should you cut and paste the verification code directly from your email via the double-click function, make sure that you have not pasted any extra spaces before or after the code.

If the verification code has expired, please click on the "Get new code" button.

Step 10: You will now be directed to the "Thank you" page, confirming the recovery email has now been updated. Click on the "Continue" button.

You will receive an email titled "recovery email updated" to the account email.

You will also receive a "recovery email updated" email which will be sent to the prior recovery email address.

Step 11: Click on the "Download" button and save the recovery codes in an accessible location.

NOTE: For security reasons, once you continue, the recovery codes cannot be downloaded a second time. You MUST save or print a copy and store it in a safe location.

Step 12: Once downloaded and saved, click on the "I have saved my recovery codes." checkbox, and then click on the "Continue" button, located underneath the checkbox.

Step 13: You will now be directed to the "Thank you" page, confirming the recovery codes have now been updated. Click on the "Continue" button.

You will also receive an email titled "recovery codes updated".

Step 14: You will be returned to the "Manage my account" page.

From here you can click on the "Back to" button, located at the top of the "Manage my account" page. This will return you to the online service.