Security Enhancements

2 factor Authentication

Driving economic growth in Australia and New Zealand by supporting local businesses through a trusted Network

At ICN, we take the security and privacy of our clients very seriously. We are constantly enhancing our products and services to ensure the security of your data and the data of others within our systems. As part of this process, we have decided to implement new security measures to help protect your company's account with us and have introduced two-factor authentication (2FA) to your account. 2FA is a security mechanism that requires users to provide two different forms of identification before they can access the account.

By implementing 2FA, we are adding an extra layer of security to your company's account, making it more difficult for attackers to gain unauthorised access or steal sensitive information. Even if your password is compromised, the attacker would still need to have the physical token or mobile device to successfully authenticate.

What is 2FA?

2-Factor Authentication (2FA), or 2-step Verification, is an extra layer of security added to the sign-in process to help prevent unauthorised users from accessing your ICN Gateway account.

After entering your username and password, you may be prompted to set up an authentication application on your mobile device. This device may be any Apple, Windows or Android mobile phone or tablet. Once you have set up 2FA, you will be prompted for the 2FA authentication code each time you log in.

Do I have to set up 2FA?

Yes, you will.

When you sign in to your account, we will ask you to install an authenticator application and enable 2FA. This process will enable us to ensure that no other person may use your account details to log in to our systems without your authorisation.

What if I have a generic email address, e.g. info@ or tenders@ ?

Only one user will be able to use a generic email address. Each login must now be unique. Shared logins are not good practice and also poses a security risk.

Please note: There are no restrictions to how many contacts a company can have on a company profile, so this is easily addressed by adding additional contacts.

How does it work?

In a 2FA system, the first form of user identification is your username and password. The second form of identification is created by a special algorithm, synchronised with the authentication device you have authorised. We suggest using a smartphone application, such as Google Authenticator, Microsoft Authenticator, or Duo, as the primary tool for synchronising codes.

NOTE: When you scan the QR code provided, please complete this from within your authenticator application – do not use your camera.

The authenticator application generates a six-digit code, which changes every 30 seconds, for you to enter when you log in. Being synchronised with our servers, this code verifies that your login credentials are being used by you only. You will need to use the authenticator application to verify yourself whenever you log in to Gateway, other ICN applications or ICN websites.

Verifying your email address

When you sign in to one of ICN’s websites or applications, you may be asked to verify your email address associated with your account. We will do this by sending a verification link to your registered email. All you need to do is click the link to confirm you have received the email and that it is valid.

We are taking this step to ensure that all email addresses registered with ICN are valid and still in use. This will also help reduce the potential for malicious actors to infiltrate our systems using expired, inactive, or incorrect email addresses, thereby protecting your data from being inadvertently provided to unauthorised persons.

Verifying your mobile phone number

When you sign in to your ICN account, we may ask you to nominate a mobile phone number for authentication. We will verify this number by sending a 6-digit code via SMS and then ask you to enter that code into an on-screen prompt. This verified phone number allows us to provide an extra layer of security in case we detect any unusual activity on your account in the future.

It also provides you with a secure way to reset your 2FA should you change mobile phone or are otherwise unable to authenticate normally.

Installing Authenticator on your Android phone

Please follow the steps below. Please note that when you scan the QR code provided you must be in your authenticator app – do not use your camera.

App Requirements

You may use Microsoft Authenticator, Google Authenticator, Duo or any other Time-based One-Time Password (TOTP) generator on your Android device. The following instructions detail the installation and configuration for Google Authenticator. Although the installation instructions may be slightly different for other authenticator applications, the process will be similar.

Download Authenticator

Open the Google Play store and search for your chosen authenticator application.
Click on the application details to install the application from the Google Play store.

Set up Authenticator

If you have already set up your authenticator application, open the application, select add account, and then skip to Step 3 below.

Open Google Authenticator and click "Get Started".
Select Scan a QR Code
If your device asks to “Allow Authenticator to take pictures and record video” select “While using the app”.
Scan the QR code on Gateway.
Click "Complete setup and Verify 2FA".
Enter the six-digit code from the authenticator into the prompt on Gateway.
Click "Verify" to complete logging in.

Installing Authenticator on your iPhone

Please follow the steps below. Please note that when you scan the QR code provided you must be in your authenticator app – do not use your camera.

App Requirements

You may use Microsoft Authenticator, Google Authenticator, Duo, or any other Time-based One-Time Password (TOTP) generator on your iPhone. The following instructions detail the installation and configuration for Google Authenticator. Although the installation instructions may be slightly different for other authenticator applications, the process will be similar.