Your bills and your personal and payment data are private, and we want you to feel safe using Roger to handle them.
Traditionally, in any online tool, if someone were to guess your password, they would get access to your personal information and payment details. To protect you against this, we are now launching two-factor authentication (2FA) for Roger.
You can read more about 2FA by going to Settings > Security on your Roger account, but we'll also provide a few key points about it here.
What is 2FA?
2FA is an extra layer of security that can be applied to any kind of digital service that requires log-in by its users, including Roger. Instead of only relying on your standard, single password when logging in (one factor), another time-limited, randomly generated one-time password will be required to log in (the second factor).
When using Roger you will be given this extra, randomly generated password to enter every time you log in to your account. The password is only valid for 30 seconds, which ensures that if someone were to get hold of both your real password and the extra password, they would likely run out of time before being able to log in.
How does 2FA work in Roger?
To use 2FA, an extra smartphone app is needed to generate the extra, time-limited one-time passwords (6 randomly generated digits). We recommend the Google Authenticator app, which you can download from your smartphone's app store, but other authenticator apps will also work just fine. The app will provide you with the extra password every time you attempt to log in.
By pairing your Roger account with the authenticator app, Roger will generate the same extra password internally to check if the one you enter is correct. Your Roger account and the authenticator app on your smartphone must therefore agree on a shared secret (a 16-digit key) that identifies you and dictates how the extra passwords are generated.
We stress that you must really keep this shared secret secret by storing it offline where only you can access it, since if a stranger gets to know the secret, they will be able to figure out all your time-limited one-time passwords and thus access your account.
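The pairing described above can be sketched as follows. This is an added example, not Roger's own code: it assumes the standard TOTP scheme (RFC 6238 with HMAC-SHA1) that Google Authenticator implements and a Base32-encoded key, and the function names, the drift window and the replay check are illustrative choices.

```python
import base64, hashlib, hmac, struct, time

STEP = 30     # seconds a code stays valid (from the article)
DIGITS = 6    # code length (from the article)

def totp(secret_b32, at=None):
    """Code for the 30-second window containing `at` (Unix seconds)."""
    # Assumption: the key is Base32 text, as authenticator apps expect.
    s = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(s + "=" * (-len(s) % 8))
    counter = int((time.time() if at is None else at) // STEP)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def verify(secret_b32, submitted, at=None, drift=1, last_counter=-1):
    """Server-side check. Returns the matched window counter, or None.

    drift: windows accepted either side of "now" to absorb phone clock skew.
    last_counter: highest window already accepted for this account, so a
    code that was observed and used once cannot be replayed.
    """
    current = int((time.time() if at is None else at) // STEP)
    matched = None
    for c in range(max(0, current - drift), current + drift + 1):
        expected = totp(secret_b32, c * STEP)
        # Constant-time comparison; no early exit from the loop.
        same = hmac.compare_digest(expected.encode(), submitted.encode())
        if same and c > last_counter:
            matched = c
    return matched

if __name__ == "__main__":
    SECRET = "GEZDGNBVGY3TQOJQ"   # constructed 16-character sample key
    now = 1_700_000_000            # fixed sample time
    phone_code = totp(SECRET, now)              # what the app displays
    window = verify(SECRET, phone_code, now)    # what the server computes
    print(phone_code, "accepted in window", window)
    print("replayed:", verify(SECRET, phone_code, now, last_counter=window))
    print("two minutes later:", verify(SECRET, phone_code, now + 120))
```

Both sides compute the code from nothing but the key and the clock, which is why the key alone is enough to produce every future code.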
If you should happen to lose your phone, Roger can restore your account in an instant, no problem. That is, if you have the secret! If you do not have the secret, you will not be able to restore your account (any stranger could contact the Roger team and say that they "lost the secret" in an attempt to steal your data).
How do I set up 2FA?
Start by navigating to Settings > Security on your Roger account on www.roger.ai. You will now see a screen with a large QR code and a 16-digit key beneath it.
Together, both of these make up the secret:
- The 16-digit key is for you to save and keep.
- The QR code is for your phone to scan with the authenticator app.
If you have trouble scanning the QR code, many authenticator apps also have the option of manually entering the key.
After either scanning the QR code or manually entering the 16-digit key, your secret should be set, your Roger account and your smartphone should be paired, and your smartphone should start generating 6-digit passwords. Complete the setup by entering the current 6-digit password shown in the authenticator app in the box on the left side of the screen in your Roger account, and press "Enable 2FA".
(Please note that you can disable 2FA again by navigating to the same page on your Roger account, entering the current one-time password, and then clicking "Disable 2FA".)