Two-factor authentication

To protect your account from unauthorised access, we strongly recommend enabling two-factor authentication. This verification is now required at sign in for users able to perform administrative actions on your site, or access cardholder data, as mandated in the Payment Card Industry Data Security Standard (PCI DSS) v3.2. Set-up is straightforward and should only take a few minutes.

  Required user roles

Required for the following user roles:
Developer, Developer 2, Site admin, “View only transactions, fees and merchant statements”

Optional for the following user roles:
Basic user, Pay by Link, Site user, Site user 2, Transaction admin, Transaction admin 2, View only transactions

  How to access

To enable or reset two-factor authentication on your own MyST user account, navigate to your profile page, click the “Two-factor authentication” toggle (see below) and follow the instructions displayed on-screen to complete the setup process.

To enable/disable two-factor authentication for a child user, search for the user and navigate to their profile page. Use the toggle to enable/disable verification on their account.

When two-factor authentication is enabled on your account, you will be prompted for a 6 digit code on sign in.



To enable two-factor authentication, click the “Two-factor authentication” toggle on your profile page and follow the instructions displayed on-screen.

  To complete two-factor authentication, you will be prompted for an access code from an authenticator app. This is to ensure the method of authentication has been configured correctly before it is enabled on your MyST account.

Screenshot of two-factor authentication setup prompt.


If two-factor authentication has been successfully enabled for your MyST user account, a green message will be displayed at the top of the page to confirm this.

With two-factor authentication enabled on your user account, you will be prompted for an access code when signing in to MyST. You can open an authentication application to retrieve this code and type this into MyST to gain access to your account.


Install authenticator software

The two-factor authentication used by Trust Payments follows the RFC-6238 standard (Time-based one-time password algorithm).

As a result, any authentication application that follows the same standard can be used.

For mobile devices we suggest:

For computers we suggest:

Was this article helpful?
1 out of 1 found this helpful
Have more questions? Submit a request