User Profile
While creating users and supervising their permissions and roles is in the hands of the merchant user administrator, a user can still change certain things about their own login, such as the e-mail address, name and password. This chapter covers the areas that every individual user has access to regardless of permissions, i.e. their user profile.
To access their user profile, the user simply has to click on their user name at the top of the Backoffice web page once they have logged in.
You'll first be greeted with the basic settings, where a user can change their name and the language which they want to receive e-mails in.
As the name implies, this tab allows the user to change their password.
Here, the user can change their e-mail address, which will also be used for any kind of notification, such as sending password reset links.
This will also change the username with which the user logs into the Saferpay Backoffice.
To enable 2FA, a user has to first set it up.
Saferpay highly recommends using 2FA, as it offers additional security against account theft.
As the rate of cyber-attacks increases each year, so does the number of hacked accounts. It has become apparent that the old username-and-password system no longer provides enough security to protect highly valuable logins, like your Saferpay login.
If this login were compromised, e.g. by password theft, an attacker would, in the worst case, be able to execute all sorts of malicious actions on your account, for example executing refunds for shipped goods or transferring money to unwanted places.
This is where 2FA comes in.
2FA adds a hurdle for an attacker to overcome during login by requiring an additional OTP code (factor) to be entered. That is where the "2" in 2FA comes from: it is the second factor of authentication, in addition to your password, which is the first factor.
The second factor is deliberately separated from the first, so that if one of the factors is stolen, the other is still uncompromised. Since both factors are needed for login, an attacker who knows only one of the two cannot log into your account.
For this to work properly, you should not have both factors (password and OTP generator) present on one device, e.g. your phone.
If someone stole that device, they would be in possession of both factors, rendering the whole 2FA principle useless.
Make sure that your device is sufficiently secured, in general and especially if you still decide to do this, for example by encrypting your phone, using a secure unlock method, or using a password manager with a sufficiently strong master password.
Security concerns and PCI compliance dictate that Saferpay only offers certain functions with 2FA enabled.
The following services are only available if 2FA has been activated:
PAN decryption within transaction details
Unreferenced refunds (credits) within the backoffice
Note also that a password reset requires you to enter your 2FA code if 2FA has been activated. It is not a requirement for a password reset in general, however.
A user that has been created in the user administration.
As of now, only users that are also listed in the user administration support 2FA. If your user is not listed there, 2FA is currently not available for you.
An OTP-capable authenticator app on your phone, such as Google Authenticator or Microsoft Authenticator
1 - In order to activate 2FA, please navigate to your user settings by clicking on your user name at the top, and then go to Two-factor authentication.
2 - Once there, please open the OTP authenticator on your phone and create a new entry.
3 - When asked, please scan the QR code from the Saferpay Backoffice.
4 - Enter the OTP code generated by the app and your login password, then click on Save.
All done. Two-factor authentication is now active on your account.
Once 2FA is activated, you'll be asked to enter the app-generated OTP code on login, after entering your username and password.
If a 2FA reset for a user is needed, but the user cannot do it themselves, it can also be done by a merchant user-administrator.