/
UltraSecure OTP (One-Time Password) Tokens

UltraSecure OTP (One-Time Password) Tokens

Owned by Perry Tew
Last updated: yesterday at 8:22 pm by Tyler Johnson

Introduction

UltraSecure OTP Tokens enhance the security of your UltraCart account by implementing two-factor authentication (2FA). Two-factor authentication adds an extra layer of security by requiring two distinct forms of verification to log in: something you know (your password) and something you have (a dynamically generated one-time password from a token on your mobile device).

UltraCart supports any authenticator application that provides one-time password functionality, including popular options like Google Authenticator, Authy, 1Password, and Yubico Authenticator.

Using an OTP token provides significant benefits for UltraCart users:

  • Enhanced security for your account.

  • Removes the requirement for IP activation, offering greater flexibility.Setup Instructions

Setup Instructions

Download an Authenticator App

To begin, download a compatible authenticator application to your mobile phone. UltraCart recommends the Google Authenticator App, which is available for all major mobile phone platforms.

Apple iOS (iPhone, iPad)

Search for "Google Authenticator" in the App Store.

Android

Search for "Google Authenticator" in the Google Play Marketplace.

LastPass Authenticator

Search for "LastPass Authenticator" in the appropriate app store for your device.

Yubico Authenticator

Search for "LastPass Authenticator" in the appropriate app store for your device.

Link to UltraCart Account

The authenticator application is easy to integrate with your UltraCart account.

  1. Log in to your UltraCart account.

  2. Mouse over your Merchant ID/Avatar located directly above "Home" in the main left-hand menu.

  3. Click the Your Preferences button that appears in the dropdown menu.

  4. Scroll down to the "2FA" (Two-Factor Authentication) section.

  5. Click the "chain link" icon next to the "OTP Serial Number" field to view the setup instructions.

image-20250702-200831.png

Scan QR Code & Activate

Follow the on-screen instructions to link your authenticator app to your UltraCart account:

  1. Open your chosen authenticator app (e.g., Google Authenticator) on your mobile device.

  2. Select the option to "Scan a QR Code".

  3. Use your phone's camera to scan the QR Code displayed on your UltraCart screen.

  4. Once the QR code is scanned, a 6-digit one-time password (OTP) will appear in your authenticator app.

  5. Enter this 6-digit number into the "OTP Password" field on the UltraCart screen.

  6. Click Test & activate.

Note: If successfully configured, you will be returned to your Preferences page, and your OTP Serial Number will be displayed in the "OTP Serial Number" field. Your token is now active and will be required for every subsequent login to UltraCart.

 

Logging in with OTP Token

When two-factor authentication is enabled for your UltraCart user, the login process will include an additional verification step.

  1. Navigate to the UltraCart Merchant Login page.

  2. Enter your Merchant ID, Login (username), and Password as usual.

  3. After submitting your initial login credentials, if 2FA is required, you will be prompted for to enter your security code.

  4. Open your authenticator application (e.g., Google Authenticator, Authy, 1Password) on your mobile device.

  5. The app will display your current OTP password. These codes refresh approximately every 30 seconds.

  6. Enter the 6-digit UltraSecure Code displayed in your authenticator app into the input and click Submit Code to continue.

image-20250702-201634.png

 

Tip: The authenticator app will indicate the time remaining until the next code refresh. If there is little time left, it is recommended to wait for the OTP token to refresh to avoid using an expired code.

Note: Once an OTP code has been used, it cannot be used again for that or any other UltraCart account.

 

Using on Multiple Accounts

Once you have an UltraCart token configured in your authenticator app, you can use the same token for multiple UltraCart accounts.

  1. Log in to the additional UltraCart account you wish to link.

  2. Navigate to Main Menu > Your Preferences.

  3. Scroll down to the "OTP Serial Number" field and enter the serial number displayed in your phone's authenticator app. The serial number typically looks like

    GA##########@UltraCart, but the @UltraCart portion is optional.

Removing Token

To remove an OTP token from your user account:

  1. Navigate to Main Menu > Your Preferences.

  2. Scroll down to the "OTP Serial Number" field.

  3. Clear out the serial number from this field.

  4. Click Save.

Frequently Asked Questions

Question: I lost my phone and now I cannot log into my account, what do I need to do?

Answer: If you lose your phone and cannot access your OTP token, you will need to contact UltraCart support. UltraCart staff will remove your OTP configuration after verifying your identity. Verification will typically involve calling the number on file for your user login, or contacting the account owner or another admin user.

Tip: Ensure your user contact details are always up-to-date by regularly checking the "Your Preferences" section in your UltraCart account.

 

Question: I have a Yubikey and use the Yubico Authenticator instead of the Google Authenticator. Is the Yubico Authenticator compatible?

Answer: Yes, the Yubico Authenticator is compatible. However, since the Yubico Authenticator application requires you to physically plug your Yubikey into your phone, you will need a Yubikey model that is compatible with your phone's input type - Logging into UltraCart using the Yubico Authenticator application