Demat account holders ALERT: Do THIS before September 30 else your account will be 'locked'

The two-factor authentication for Demat accounts will come into effect from October 1. According to a notification issued by the National Stock Exchange (NSE) in June, Demat account holders need to enable the two-factor authentication by September 30 to continue using their accounts. Those failing to enable the two-factor authentication won't be able to access their accounts.

The two-factor authentication can be done using biometric authentication along with the knowledge/possession factor.

“Member’s attention is drawn to SEBI circular SEBI/HO/MIRSD/CIR/PB/2018/147 dated December 03, 2018, on Cyber Security & Cyber Resilience framework for Stockbrokers, wherein all Members were required to mandatorily implement two-factor authentication on application offered by Members to customers through Internet Based Trading (IBT) and Securities Trading through Wireless Technology (STWT),” the circular dated June 14 read.

“In joint consultation with SEBI and Exchanges, it is hereby clarified that, in addition to user ID, Members shall preferably use biometric authentication as one of the authentication factors, along with any one of the below-mentioned factors: 1. Knowledge factor (something only the user knows): - for e.g., Password, PIN. 2. Possession factor (something only the user has): - e.g., OTP, security token, authenticator apps on smartphones, etc. In case of OTP, the same should be sent to clients through both email and SMS on their registered email ID and Mobile number,” the notification stated.

In the case where biometrics is not possible, members shall use both the aforementioned factors: Knowledge factor and Possession factor.
"In cases, where biometric authentication is not possible, Members shall use both the aforementioned factors (Knowledge factor and Possession factor), in addition to the user ID, for 2-factor authentication (2FA). It is to be noted that the above-mentioned authentication shall be implemented on every login session by the client to IBT and STWT,” the circular read.

Demat accounts: How to enable two-factor authentication
To enable two-factor authentication in Demat accounts, the account holder will have to generate TOTP (time-based one-time password). Unlike a traditional OTP that is delivered via email or SMS, a TOTP is generated by a TOTP app that is already on the phone. This TOTP is valid only for a short duration (usually 30 seconds) and is regenerated every 30 seconds.