Two-factor authentication



Description To protect your account from unauthorised access, we strongly recommend enabling two-factor authentication. This verification is now required at sign in for users able to perform administrative actions on your site, or access cardholder data, as mandated in the Payment Card Industry Data Security Standard (PCI DSS) v3.2. Set-up is straightforward and should only take a few minutes.
Required user roles Required for the following user roles:
Developer, Developer 2, Site adminOptional for the following user roles:
Basic user, Site user, Site user 2, ST PayMe, Transaction admin, Transaction admin 2, View only transactions
How to access To enable or reset two-factor authentication on your own MyST user account, navigate to your profile page, click the “Two-factor authentication” toggle (see below) and follow the instructions displayed on-screen to complete the setup process.
To enable/disable two-factor authentication for a child user, search for the user and navigate to their profile page. Use the toggle to enable/disable verification on their account.


When two-factor authentication is enabled on your account, you will be prompted for a 6 digit code on sign in.




To enable two-factor authentication, click the “Two-factor authentication” toggle on your profile page and follow the instructions displayed on-screen.

To complete two-factor authentication, you will be prompted for an access code from an authenticator app. This is to ensure the method of authentication has been configured correctly before it is enabled on your MyST account.


Screenshot of two-factor authentication setup prompt.


If two-factor authentication has been successfully enabled for your MyST user account, a green message will be displayed at the top of the page to confirm this.

With two-factor authentication enabled on your user account, you will be prompted for an access code when signing in to MyST. You can open an authentication application to retrieve this code and type this into MyST to gain access to your account. Click here for further information.



Installing authenticator software

The two-factor authentication used by Trust Payments follows the RFC-6238 standard (Time-based one-time password algorithm).

As a result, any authentication application that follows the same standard can be used.

For mobile devices we suggest:

For computers we suggest: