Two-Factor Authentication (2FA) is coming to Web Platform (Dhan & TradingView)

Technology is leading the world to new frontiers, and Dhan is leading & building its platforms (App, Web, APIs, TradingView, Options Trader) in India as a technology-first investment and trading platform. We have started with Stock Broking, and of course there are more products to come your way.

The advent of technology also brings up additional risks along with it - for which capital markets regulator SEBI has been sharing guidelines on Cyber Security & Cyber Resilience framework for StockBrokers, which requires stock trading platforms like Dhan to mandatorily implement two-factor authentication (2FA) on our trading applications offered to you. NSE has recently published a circular on this for us to implement.

What does the NSE’s circular mean for you?

This makes it mandatory for all stock trading and investment platforms to enable two-factor authentication. As per this, biometric authentication should preferably be one of the 2FAs along with either:

#1. Something only you know (Knowledge Factor): Password or PIN

#2. Something only you have (Possession Factor): OTP, security token, authenticator apps on smartphones etc. In case of OTP, the same should be sent to clients through both email and SMS on their registered email ID and Mobile number.

The deadline to set up 2FA is September 30, 2022.

Our trading apps (Dhan & Options Trader) are fully compliant with the same enabling users with possession factor biometric logins (Face ID, Fingerprint or Device PIN) via mobile device.

There will be minor changes on how you will now seamlessly login to Dhan Web - we already have adequate measures to ensure we comply, however we are posting this in advance for users to become familiar with the navigation flow on our web based trading platforms - Dhan (web.dhan.co) and TradingView (tv.dhan.co).

Primary Login to Dhan web platforms will be: QR scan & login via Dhan app.

Our users already have logged in to the Dhan App using 2FA, now they will extend this authentication further to the web via third factor authentication on Dhan’s industry first - QR based login.

Dhan’s QR based authentication for web platforms is advanced and secure, behaves exactly like TOTP and you get a new & unique QR code every 30 seconds to scan and login to our web platforms. Super seamless and Instant Authentication for login!

No need for our users to have extra 3rd party additional TOTP apps and hassle of opening other apps with more complex processes.

If your experience is simple, easy and seamless - it has to be on Dhan.

More questions that are on your mind…

How do I enable QR based login for my Dhan account?

There is no need to enable this separately. This feature comes built-in and enabled for you by default from your first day on Dhan.

Do I need a separate TOTP app along with Dhan? Isn’t TOTP better than this?

No, there is no requirement for having any additional 3rd party app for TOTP. All you need is Dhan app or our Options Trader app. This is built in for both apps.

Dhan’s QR based login behaves exactly like TOTP and you get a new & unique QR code every 30 seconds to scan and login to our web platforms.

Can you still explain to me step by step how QR based login works on Dhan?

Yes, simply go to either of the following Dhan platforms:

Click on the QR icon on the login pages, if not already opened.

On your Dhan app, tap on your profile picture - you will see Login to Desktop Web. Tap on the same and scan the QR code on your screen. You are done!

I do not want to use QR code? Will there be an alternative?

Yes, there will be of course. You can complete your first factor authentication using Mobile Number and Password, post which you will require verification via OTP that is sent to your registered email address and mobile number.

How to Enable 2FA with Biometric Login on Dhan App?

Here’s how you can use biometric authentication to enable 2FA on your Dhan or Options Trader app.

  • Tap your profile picture
  • Go and select Settings
  • Enable “Biometric Login” with just one tap.

Depending on your phone device - it will enable the biometric authentication that is available on your phone.

Get familiar with the QR based login, we will be enabling this for all users in a few days for Dhan web & TradingView web. At Dhan we always keep your user experience first.

Thank you
Shraddha

5 Likes
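As an added illustration of the QR login described in the post above (not Dhan's code, and not a statement of how Dhan implements it): one way a server can issue a login QR payload that rotates every 30 seconds and is accepted only once. The HMAC key, the per-browser session id, the payload layout and the names `qr_payload` and `verify_scan` are all assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Set, Tuple

STEP_SECONDS = 30                      # rotation interval stated in the post
SERVER_KEY = secrets.token_bytes(32)   # assumption: key held only by the server


def _tag(session_id: str, step: int, key: bytes) -> str:
    # Bind the tag to both the browser session and the 30-second time step.
    msg = f"{session_id}|{step}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def qr_payload(session_id: str, now: float, key: bytes = SERVER_KEY) -> str:
    """String the login page would render as a QR code for the current step."""
    step = int(now // STEP_SECONDS)
    return f"{session_id}.{step}.{_tag(session_id, step, key)}"


def verify_scan(payload: str, now: float, used: Set[Tuple[str, int]],
                key: bytes = SERVER_KEY, drift_steps: int = 1) -> Optional[str]:
    """Check a payload relayed by the already-authenticated mobile app.

    Returns the browser session id to mark as logged in, or None.
    The caller is assumed to have authenticated the app user separately.
    """
    try:
        session_id, step_text, tag = payload.rsplit(".", 2)
        step = int(step_text)
    except ValueError:
        return None                     # malformed payload
    if not hmac.compare_digest(_tag(session_id, step, key), tag):
        return None                     # forged or altered payload
    current = int(now // STEP_SECONDS)
    if not 0 <= current - step <= drift_steps:
        return None                     # expired, or stamped in the future
    if (session_id, step) in used:
        return None                     # same QR code presented twice
    used.add((session_id, step))
    return session_id
```

Unlike TOTP, nothing secret is stored on the user's side here: the QR code is only a short-lived pointer to a browser session, and the trust comes from the app session that relays it.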

We will be implementing changes to make Login with QR as default mode for Dhan on Web (web.dhan.co) and TradingView console (tv.dhan.co)

1 Like

Hi @247NH

We noted your suggestion for TOTP authentication and we will share it with our concerned team.

Just to add: you can log in to the web without mobile as well, that is, via email OTP.

Hello @247NH

The QR-based login authentication on Dhan is one of a kind and secure for all Dhan users, as you can only use Dhan app to authenticate your session.

Yes, we do know that TOTP has been widely implemented across industry, but yet again, we cannot overlook the security concerns with allowing third party authenticator apps.

The easiest way known here is creating a script which automates logging in via Google Authenticator on Selenium. It is really straightforward for anyone to store credentials and authenticate via TOTP once they have the account secret key.

We want to avoid such scenarios, and hence decided to keep QR based login mechanism as the primary method. Also, for QR login, you do not need to enter any of your credentials too, making it less cumbersome for any user.

For this, we send OTP on both Mobile number and email ID, so that user has a choice of mode.

1 Like

Can Login to Desktop via web QR be made more user friendly with less clicks on my mobile?

1 Like

Hi @ekveer,

We have this feedback and will surely explore it.

1 Like