1. Humi by Employment Hero
  2. HR Platform
  3. Account Management and Security
  4. Security

Select your platform and then browse by platform category

Who are you and what section are you in?

When is two-factor authentication (2FA) required?

Declan Manning
Updated

In the Canadian Employment Operating System (EOS), security is paramount. Two-factor authentication (2FA) is a mandatory security measure for all users, providing an essential second layer of protection beyond your password.

What is 2FA?

2FA secures your account by requiring two types of evidence to verify your identity. In Canada, this can be:

  • An SMS code sent to your mobile device.

  • A time-based code from an authentication app (like Google Authenticator).

  • A push notification via the EH Work app.

 

When 2FA is Triggered

You will be prompted to complete a 2FA challenge in the following scenarios:

1. Account Access

  • Login: Every time you log into your Employment Hero account.

  • Session Expiry: If you toggled "Remember me for X days" during your last login, you will only be prompted again once that token expires (typically 30 or 45 days).

2. Sensitive Employee Information

Accessing or editing high-risk data on your own Employee File (or those you manage) requires 2FA verification:

  • Financials: Viewing or updating bank account and direct deposit details.

  • Taxation: Accessing Canada Revenue Agency (CRA) related data, including Social Insurance Numbers (SIN) or TD1 information.

  • Government Contributions: Viewing Canada Pension Plan (CPP) and Employment Insurance (EI) details.

  • Pension Data: Accessing sensitive pension plan or retirement savings information.

3. Security & Account Settings

For your protection, 2FA is required immediately after changing critical security settings:

  • Account email address or password.

  • Recovery security questions and responses.

  • When attempting to disable or reset 2FA settings.

 

Exemptions from 2FA

There are only two scenarios where a 2FA prompt may be bypassed:

  • Remembered Devices: If you have successfully verified on your current device/browser and selected the option to be remembered (usually for a 45-day window).

  • Passkeys: If you utilize a biometric passkey (like FaceID or TouchID) to log in. Using a passkey inherently fulfills the multi-factor requirement. Learn more in our Passkey Guide.

 

Explore Related Content

 

 

Was this article helpful?
0 out of 0 found this helpful