UltraSecure OTP (One Time Password) Tokens
UltraCart supports two factor authentication to enhance the security of your UltraCart account. Two factor authentication means you have something you know (your regular password) and something you have (the token on your phone that is generating the one time password). Previously UltraCart used physical tokens from CryptoCard (deprecated) and our own OTP application for Android (deprecated) but is now standardized on the open source project Google Authenticator. The Google Authenticator App is available for all the major mobile phone platforms.
Using an OTP token provides the following benefits for UltraCart users:
Downloading Google Authenticator for your mobile phone. | ||
Apple iOS (iPhone, iPad) | search "Google Authenticator" in the App Store. | |
Android | search "Google Authenticator" in the Google Play Marketplace. | |
LastPass Authenticator | search "LastPass Authenticator in the appropriate app store for your device. | |
Yubico Authenticator | search "LastPass Authenticator in the appropriate app store for your device. |
The application is easy to integrate with your UltraCart account.
Navigate to:
(Above) Home →(Mouse Over Merchant ID) → Your Preference |
Click the Your Preference
button which is visible when you mouse over your MerchantID/Avatar that is displayed directly above "Home" in the main men (left).
Scroll down to the "2FA" section and click the "link" icon as shown below.
Follow the instructions on the screen (see below):
Once you have successfully completed the steps you will be returned to Your Preferences page, your OTP Serial Number will be displayed in the "OTP Serial Number" field.
If you've configured the OTP correctly, your OTP Serial Number will be displayed to the left of the link you clicked earlier. At this point your token is active and will be required at every login to UltraCart.
Turn on your phone and tap the Google Authenticator application icon. The App will load and display your OTP password as shown below. The app will refresh the code approximately every 30 seconds.
iPhone Display | Android Display |
Your Google Authenticator App will refresh the screen and change the OTP password every thirty seconds. A pie chart image will display the approximate time remaining until the next change. When the change is near the numbers will turn red (iPhone only). If there is little time remaining we recommend waiting until the OTP token refreshes . Once a token number has been used it can not be used again on this or any other UltraCart account. |
Login to your UltraCart account. Enter the OTP password into the fourth field of the login as shown below.
Once you have an UltraCart token in your Google Authenticator you can use it on multiple accounts. To add the token to additional accounts go to:
Scroll down to the OTP Serial Number field and enter the serial number displayed on your phone. It should look like GA##########@UltraCart. The @UltraCart portion is not necessary, but is OK to enter.
To remove the token from your user go to:
Scroll down to the OTP Serial Number field, clear out the serial number, and click save.
Answer: UltraCart staff (support) will need to remove your OTP configuration so you can log in and configure your new phone (if needed). You'll need to contact UltraCart support. UltraCart support will need to verify you by calling the number on file for your user login (or the owner or another admin user listed on the account) before they are able to remove the OTP token. Please make sure to update your user with up to date contact details by clicking the "Your Preferences" button which appears at the top of the ultracart pages when you are logged into your account.
Answer: Yes. However, since the application requires you to plug your Yubikey into the phone, you'll need a Yubikey that is compatible with your phone's input type.
Logging into UltraCart using the Yubico Authenticator application