Enhancing GST Security: Introducing Two-Factor Authentication (2FA)

Home » Blogs » Enhancing GST Security: Introducing Two-Factor Authentication (2FA)

Table of Contents

In a decisive and forward-thinking move to fortify the robustness of security measures associated with GST logins and deter unauthorized access, the Goods and Services Tax Network (GSTN) has introduced the proactive implementation of Two-Factor Authentication (2FA) for taxpayers.

Upon the meticulous inputting of their login credentials, taxpayers will promptly and securely receive a unique one-time password (OTP). This OTP, serving as an additional layer of security, will be diligently dispatched to the designated Mobile number and Email ID of the Primary Authorized Signatory. Ensuring the utmost security, taxpayers are urged to regularly verify and update the Mobile number and Email ID within the authorized signatory’s contact details.

The rigorous testing of the 2FA protocol commenced with meticulous attention in the State of Haryana during November 2023. With the results yielding a high degree of satisfaction, the implementation swiftly extended its reach to encompass states such as Punjab, Chandigarh, Uttarakhand, Rajasthan, and Delhi. This implementation came into effect from December 1, 2023, marking the initiation of the first phase. The subsequent phase, poised for rollout in the imminent future, will comprehensively cover the remaining states.

Activation of the 2FA security protocol will be systematically triggered when a user undergoes any change in the device, browser, or login location. Notably, following the initial login, the system will refrain from soliciting the same level of authentication unless subsequent logins transpire from a distinctly different location or system.


While the introduction of 2FA represents a pivotal stride in fortifying the resilience against unauthorized access to GST accounts, it is imperative to acknowledge and address certain inherent limitations:

  • Challenges for Companies and Tax Consultants:

Entities that rely on the expertise of Chartered Accountants (CAs) or tax consultants may experience the need to solicit OTPs recurrently, given the dynamic nature of the systems employed for GST filings.

  • Potential Delays and Late Fees:

Instances wherein the designated individual is unavailable during filing may inadvertently result in procedural delays, potentially leading to the imposition of late fees and accrued interest.

  • Network Glitches and Operational Challenges:

The occurrence of adverse network conditions at the operator’s end or heightened load on the GST portal may sporadically impede the seamless delivery of OTPs, presenting a potential challenge for ensuring timely authentication.

Notwithstanding these acknowledged limitations, it is incumbent upon taxpayers to proactively strategize, ensuring that operational workflows remain unimpeded by these constraints. The foresighted approach to addressing these challenges will not only ensure the seamless integration of heightened security measures facilitated by the introduction of 2FA but also contribute to the overall resilience of the GST system.

author avatar
CA Abhishek D Mundhra Chartered Accountant
Abhishek D Mundhra is a Chartered Accountant with 12+ years of post-qualification experience with expertise in the field of GST and other Direct and Indirect Taxes.

Leave a Reply