National Informatics Centre

2-Factor Authentication for e-Way Bill and e-Invoice System

To enhance the security of e-Way Bill/e-Invoice System, NIC is introducing 2- Factor Authentication for logging in to e-Way Bill/e-Invoice system. In addition to username and password, OTP will also be authenticated for login.

There are 3 different ways of receiving the OTP. You may enter any of the OTP and login to system. The various modes of generating OTP are explained below:

1. SMS: OTP will be sent to your registered mobile number as SMS.
2. On ‘Sandes’ app: Sandes is a messaging app provided by government so that you can send and receive messages. You may download and install the Sandes app on your registered mobile number and receive the OTP in it.
3. Using ‘NIC-GST-Shield’ app: ‘NIC-GST-Shield’ is a mobile app provided by e-Way Bill /e-Invoice System, so that OTP can be generated by using the app. This app can be downloaded only from the e-Waybill / e-Invoice portal from the link ‘Main Menu 2-Factor Authentication Install NIC-GST-Shield’. Download, install and register this app on your registered mobile number. You should ensure the time displayed in the app should be in sync with e-Way bill / e-Invoice system. On opening the app, OTP is displayed. You may enter this OTP and continue the authentication. The OTP gets refreshed after every 30 seconds. You will not require internet or any dependency on mobile network for generating the OTP on this app.

Registration for 2-Factor Authentication:

On logging to e-Waybill System go to Main Menu 2 Factor Authentication and confirm the registration. Once confirmed, the system will ask OTP along with username and password. The OTP authentication is based on individual user accounts. The sub users of GSTIN will have separate authentication depending on their registered mobile number in the e-Way Bill/ e- Invoice System. Once you have registered for 2 Factor authentication, then the same is applicable for both e-Way bill and e-Invoice system.

You may de-register this facility anytime using the link ‘2 Factor Authentication Registration / Deregistration'. This facility is presently being introduced on optional basis; however, in future it will be made mandatory.