An authenticator app is a security tool used for 2-factor authentication (2FA) that enhances the security of online accounts.

You can use it to generate a temporary code, known as a Time-based One-Time Password (TOTP). You then enter this in addition to your regular password to log into an account.

This extra layer of security significantly reduces the risk of unauthorised access to your accounts.

We've developed a new authentication app for your Sage products and services, called Sage Verify. This makes authentication even easier, by introducing push notifications that you tap to approve instead of copying a passcode.

Why use Sage Verify or an authenticator app

Increased security

Authenticator apps are more secure than other forms of 2FA like SMS, as the app generates codes on your device. This means they're not prone to interception from your mobile network or bring captured by SIM-swapping attacks.

You can link authenticator apps to the biometric security on your device, preventing someone using it without your knowledge.

Offline access

Authenticator apps work offline, and generate codes even when your device doesn't have an Internet connection. This is useful when you're travelling or in areas with poor network coverage.

Faster authentication

Authenticator apps provide instant access to codes. SMS messages or phone calls take time to arrive, which network congestion or other factors can delay.

Protection against common threats

They offer protection against phishing attacks and breaches that can occur due to weak or reused passwords.

Privacy

Authenticator apps don't expose your phone number. This helps to protect your privacy and reduce the risk of SIM swapping attacks or other forms of social engineering.

Widespread compatibility

Many online services and websites support authenticator apps. This means you can use the same app for multiple accounts, streamlining the authentication process.

How authenticator apps work

TOTP algorithm

The app uses a secret algorithm, linked to the current time, to generate a unique code every 30-60 seconds. When you log in with your username and password, you're prompted to enter the current TOTP code.

Your attempt to log in is only successful if the code you enter is correct. 

Setup process

Typically, you can scan a QR code provided by the service you're securing. This creates a secure connection between your account and the app.

Choosing an authenticator app

We recommend you use the Sage Verify app, which adds the benefit of notifications that you tap to approve your login attempt.

Third-party authenticator apps are also available however you can only use them to generate a code that you enter during login. Push notifications for your Sage products and services aren't possible with third-party authentication apps.

▼ Click here to view some of the third-party apps that are available.

Safety tips

• Ensure that you secure the device you install the authenticator app to with a passcode or biometric lock
• Keep the QR code and the secret key secure and don't share them

• How to sign up to 2-factor authentication