goods and service tax

Published on 4 April 2025

Mandatory Two-Factor Authentication for e-Way Bill and e-Invoice Users

Introduction

Effective April 1, 2025, the National Informatics Centre (NIC) will implement Two-Factor Authentication (2FA) for all taxpayers and transporters utilizing the e-Way Bill and e-Invoice systems. This enhanced security feature will require users to authenticate their login through a one-time password (OTP) alongside their username and password.

Two-Factor Authentication Overview

To fortify security within the e-Way Bill and e-Invoice systems, the NIC is introducing 2FA. In addition to the traditional username and password, all users will need to provide an OTP for system access. The OTP can be obtained through three distinct methods:

  1. SMS: The OTP will be sent via SMS to the registered mobile number.

  2. Sandes App: Users can receive the OTP through the government-sponsored Sandes messaging application. To use this method, download the Sandes app on the registered mobile device.

  3. NIC-GST-Shield App: This mobile application is designed specifically for generating OTPs without requiring internet access. The NIC-GST-Shield app can be downloaded exclusively from the e-Way Bill/e-Invoice portal via the path ‘Main Menu à 2-Factor Install NIC-GST-Shield’. Users must ensure that the app’s time setting is synchronized with the e-Way Bill/e-Invoice system. Upon launching the app, an OTP will be displayed which refreshes every 30 seconds.

Registration Process for 2FA

To register for 2FA, users should log into the e-Way Bill System, navigate to the Main Menu, and select 2-Factor Authentication to confirm their registration. Post-registration, users will be prompted for the OTP in combination with their username and password. It’s essential to note that OTP authentication is unique to individual user accounts. Sub-users linked to a GSTIN will have their own authentication processes based on their registered mobile numbers in the system. Once 2FA is activated, it applies to both the e-Way Bill and e-Invoice systems.

Managing Sub-Users

Main users are empowered to create and manage sub-users for more efficient e-waybill handling. The mobile numbers of these sub-users can be updated accordingly. Sub-users may be granted permissions to perform various actions, such as:

  • Generate e-waybills
  • Cancel e-waybills
  • Access all related options

Additionally, main users can regularly monitor the activities of their sub-users to ensure compliance and security.

Conclusion

The introduction of Two-Factor Authentication by the National Informatics Centre serves to significantly enhance the security of the e-Way Bill and e-Invoice systems. By implementing this measure, users can be assured that their transactions and data are better protected.