UltraSecure OTP Tokens

UltraSecure OTP (One Time Password) Tokens

UltraCart supports two factor authentication to enhance the security of your UltraCart account. Two factor authentication means you have something you know (your regular password) and something you have (the token on your phone that generates the one time password). Previously UltraCart used physical tokens from CryptoCard (deprecated) and our own OTP application for Android (deprecated), but has now standardized on the open source project Google Authenticator. The Google Authenticator App is available for all the major mobile phone platforms.

Using an OTP token provides the following benefits for UltraCart users:

  1. Enhanced security
  2. Removes the requirement for IP activation

Setup Instructions


Download the Authenticator App to your mobile phone


Downloading Google Authenticator for your mobile phone.
 

Apple iOS (iPhone, iPad): search "Google Authenticator" in the App Store.

Android: search "Google Authenticator" in the Google Play Marketplace.

LastPass Authenticator: search "LastPass Authenticator" in the appropriate app store for your device.

Yubico Authenticator: search "LastPass Authenticator" in the appropriate app store for your device.


The application is easy to integrate with your UltraCart account. 

Navigate to:

  (Above) Home (Mouse Over Merchant ID) Your Preference

Click the Your Preference button, which is visible when you mouse over your MerchantID/Avatar that is displayed directly above "Home" in the main menu (left).


       

Scroll down to the "2FA" section and click the "link" icon as shown below.


Follow the instructions on the screen (see below):

  • Install the authenticator app and open it.
  • Click 'Scan a QR Code'.
  • Enter the 6 digit number that appears in the app into the "OTP Password" field.
  • Click 'Test and activate'.


Once you have successfully completed the steps, you will be returned to the Your Preferences page, where your OTP Serial Number will be displayed in the "OTP Serial Number" field.

If you've configured the OTP correctly,  your OTP Serial Number will be displayed to the left of the link you clicked earlier.  At this point your token is active and will be required at every login to UltraCart.

Logging in with OTP Token

Turn on your phone and tap the Google Authenticator application icon.  The App will load and display your OTP password as shown below.  The app will refresh the code approximately every 30 seconds.

iPhone Display / Android Display

OTP Password Change

Your Google Authenticator App will refresh the screen and change the OTP password every thirty seconds. A pie chart image will display the approximate time remaining until the next change. When the change is near, the numbers will turn red (iPhone only). If there is little time remaining, we recommend waiting until the OTP token refreshes. Once a token number has been used it cannot be used again on this or any other UltraCart account.
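The refresh and one-time-use behaviour described above, as an added example (not UltraCart's code): Google Authenticator codes are RFC 6238 TOTP values, and a server can enforce single use by remembering the last accepted time step per token serial rather than per account. The TokenVerifier class, the one-step drift window and the serial value are assumptions for illustration; the key is the public RFC 6238 test-vector key.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per code, matching the refresh interval described above
DIGITS = 6   # code length shown in the app


def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238 TOTP with HMAC-SHA1, the algorithm Google Authenticator implements."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class TokenVerifier:
    """Hypothetical server-side check. Replay state is keyed by token serial,
    so a used code is rejected on every account that shares the token."""

    def __init__(self, secrets_by_serial: dict, drift_steps: int = 1):
        self.secrets = secrets_by_serial
        self.drift = drift_steps      # tolerated clock skew, in 30-second steps
        self.last_step = {}           # serial -> highest time step already accepted

    def verify(self, serial: str, code: str, now: int) -> bool:
        secret = self.secrets.get(serial)
        if secret is None:
            return False
        current = now // STEP
        for step in range(current - self.drift, current + self.drift + 1):
            if step <= self.last_step.get(serial, -1):
                continue              # this step, or a later one, was already used
            expected = totp(secret, step * STEP).encode()
            if hmac.compare_digest(expected, code.encode()):
                self.last_step[serial] = step
                return True
        return False


if __name__ == "__main__":
    key = b"12345678901234567890"     # RFC 6238 test-vector key, not a real secret
    verifier = TokenVerifier({"GA0000000001": key})   # constructed serial
    code = totp(key, 59)
    print(code, verifier.verify("GA0000000001", code, 59))   # first use
    print(code, verifier.verify("GA0000000001", code, 59))   # replay of same code
```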



Login to your UltraCart account.  Enter the OTP password into the fourth field of the login as shown below.


Using on Multiple Accounts

Once you have an UltraCart token in your Google Authenticator you can use it on multiple accounts.  To add the token to additional accounts go to:


Scroll down to the OTP Serial Number field and enter the serial number displayed on your phone.  It should look like GA##########@UltraCart.  The @UltraCart portion is not necessary, but is OK to enter.  

Removing Token

To remove the token from your user go to:


Scroll down to the OTP Serial Number field, clear out the serial number, and click save.


Frequently asked questions

Question: I lost my phone and now I cannot log into my account, what do I need to do?

Answer: UltraCart staff (support) will need to remove your OTP configuration so you can log in and configure your new phone (if needed). You'll need to contact UltraCart support. UltraCart support will need to verify you by calling the number on file for your user login (or the owner or another admin user listed on the account) before they are able to remove the OTP token. Please make sure to update your user with up-to-date contact details by clicking the "Your Preferences" button, which appears at the top of the UltraCart pages when you are logged into your account.

Question: I have a Yubikey and use the Yubico Authenticator instead of the Google Authenticator. Is the Yubico Authenticator compatible?

Answer: Yes. However, since the application requires you to plug your Yubikey into the phone, you'll need a Yubikey that is compatible with your phone's input type. 

Logging into UltraCart using the Yubico Authenticator application