News | Regulation

Demat Account Log In Will Not Work Without Two Factor Authentication From 1st October

MAS Team 08 September 2022
1
SHARE

Holders of demat accounts may not be able to log in to their accounts if they do not enable two-factor authentication by 30 September 2022, according to a 14th June circular issued by the National Stock Exchange (NSE).
 
The circular says that "members shall preferably use biometric authentication" as one of the authentication factors to log on to their demat accounts. The other can be a "knowledge factor" - something only the user knows, like a password or PIN; or a "possession factor" - something only the user has access to, like a one-time password (OTP), security token or authenticator apps on smartphones or desktops. Clients should get the OTP through both email and SMS. In cases where biometric authentication is not possible, the circular mandates, members would have to use a knowledge factor (password/PIN), a possession factor (OTP/security token) and the user ID.
 
Most stockbrokers are following a second authentication factor other than password (such as using a PIN). However, both these factors (i.e., password and PIN) were knowledge factors and cannot be called two different factors for authentication, as mandated by the circular. With the latest circular, the exchanges (NSE and BSE) have reiterated the SEBI's December 3, 2018, circular on cyber security and cyber resilience framework, which provides for such differentiation in authentication factors. Through the circular, the exchange has now mandated such 2FA for login purposes from 30 September 2022. 
 
Online stockbroker Zerodha said on its website, "As per new exchange regulations, it is mandatory to enable TOTP 2Factor login on your account before 30 September 2022, failing which, you will not be able to log in to Kite (its in-house online trading platform)."
 
TOTP stands for time-based one-time password. Unlike a traditional OTP that is delivered to you via email or SMS, a TOTP is generated by a TOTP app that is already on your phone. This TOTP is valid only for a short duration - usually 30 seconds - and is regenerated every 30 seconds, said Zerodha.
 
How to enable two-factor authentication in demat accounts 
According to the circular, biometric authentication would be used either with a password/PIN or an OTP/security token. However, where biometric authentication is not possible, then the login to demat accounts must be allowed using a combination of password/pin with OTP/security token.

SHARE

User

COMMENTS
  Loading...
  Loading...

To continue


Please
Sign Up or Sign In
with

Email

We are listening!

Solve the equation and enter in the Captcha field.

Changes in Our Business Model
 
 
25th Sept 2020
 
Greetings from Moneylife Advisory Services
 
Between financial years 2019-21, SEBI has come up with extensive changes to investor advisor regulations. On Sep 23, 2020, SEBI had issued new additional guidelines. This comes just two months after extensive changes announced in July 2020. Earlier, in December 2019 there was an ad hoc circular
 
As a result of these changes, IAs, cannot accept fees through credit cards, will have to sign a 26-clause investor agreement, have to maintain physical record written & signed by client, telephone recording, emails, SMS messages and any other legally verifiable record for five years. IAs were already asked to record the suitability and rationale for every piece of advice given, sign them and store them for five years.
 
While these extensive and frequent changes, designed to strengthen the conduct of IAs are well-meaning, these have sharply increased compliance efforts and cost. We, being online advisors, find many of changes harder to implement, compared to advisors working in the physical space. We will have to have an army of advisors, administrative and tech staff to be compliant. If we do this, we will have to divert money to these areas and the cost of our service will double. We want to remain the least-cost service in the market to benefit more and more people. In the circumstances, we are forced to change our business model from “advisory” to “research”. This will mean the following:
 
What remains the same:
  • Recommendations on insurance, investment and Lion stocks, will continue as a part of the MAS premium subscription. Our strength has always been research and this will remain available to you through our recommendations.
  • The magazine and all textual content will remain as part of the service
  • We will have to suspend the restructuring tool.
 
What changes:
  • The interactions in Ask / Handholding will offer investment advice but not specific to your situation. It will offer information on investment products and also clarify your doubts about various financial products. It will be a forum for information, not for advice. This will be implemented with immediate effect and our guidelines in Ask, reflect this now.
 
Over the next few weeks our site and our communication to you will reflect these and other additional changes.
 
We feel this will not affect you much in terms of what really matters in investing: knowing what to buy and when to buy. This is our edge and it will still be available to you.
 
img
Debashis Basu
Founder