Zerodha has announced that any order placed via the Kite Connect APIs must be authenticated with 2FA. The change came into effect on 3rd October 2021, and it was quite a challenging change for the platform.
In the past, we could choose between a PIN and 2FA, but 99% of users used PINs, since they are hassle-free and can be hardcoded. Due to the SEBI Cybersecurity Circular, 2FA has now become mandatory. Naturally, this did not sit well with the KiteConnect Forum.
The inconvenience falls mostly on non-coders, who now have to go back to their developers and have their code updated to include TOTP verification, or else move to another broker. In this article, you will learn how to change your code so that TOTP verification is used instead of a PIN, even if you are not a programmer.
What is TOTP?
TOTPs (Time-Based One-Time Passwords) are unique numeric passwords generated with a standardized algorithm that takes the current time as one of its inputs.
Used as a second factor, time-based passwords give accounts increased security in a user-friendly way. Most TOTP codes expire after 30 seconds.
TOTPs are generally more secure than SMS OTPs: an SMS OTP is a static number that can only be used once, but it remains valid for a longer period, such as 5-10 minutes.
If someone clones your SIM card and reads the SMS OTP before you even enter it into the system, they have access to your account and can do serious damage with it.
As TOTPs are generated by apps such as Google Authenticator, and those apps are linked to specific Google accounts, it is considerably harder for someone else to obtain your TOTPs.
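As an added illustration of the algorithm described above (example code written for this article, not code from Zerodha or the Kite Connect library), here is a standard-library Python implementation of RFC 6238 TOTP with the parameters authenticator apps use by default: HMAC-SHA1, a 30-second step and six digits. The base32 secret and timestamps used in the comments are the RFC's own published test values, not a real account secret.

```python
# Added example: RFC 4226 HOTP and RFC 6238 TOTP using only the standard library.
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then the RFC's
    dynamic truncation, returned as a zero-padded decimal string."""
    msg = struct.pack(">Q", counter)
    digest = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret_b32: str, at: Optional[int] = None, step: int = 30, digits: int = 6) -> str:
    """TOTP: the counter is the number of `step`-second windows since the Unix
    epoch, which is why the code changes every 30 seconds by default."""
    if at is None:
        at = int(time.time())
    # Authenticator apps share the secret as (often unpadded) base32; restore padding.
    key = base64.b32decode(secret_b32.upper() + "=" * (-len(secret_b32) % 8))
    return hotp(key, at // step, digits)


def verify_totp(secret_b32: str, candidate: str, at: Optional[int] = None,
                step: int = 30, window: int = 1) -> bool:
    """Server-side check: accept the code for the current window plus `window`
    neighbouring windows on each side, to tolerate small clock drift. Uses a
    constant-time comparison so timing does not leak partial matches."""
    if at is None:
        at = int(time.time())
    for drift in range(-window, window + 1):
        if hmac.compare_digest(totp(secret_b32, at + drift * step, step), candidate):
            return True
    return False


# RFC 6238 test secret "12345678901234567890" in base32 (constructed for this example).
RFC_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

if __name__ == "__main__":
    print(totp(RFC_SECRET_B32, at=59))  # counter 1 -> "287082"
    print(verify_totp(RFC_SECRET_B32, "287082", at=89))  # one window late -> True
    print(verify_totp(RFC_SECRET_B32, "287082", at=150))  # expired -> False
```

A login script would call `totp()` with the secret shared during enrolment, in place of the hardcoded PIN; `verify_totp()` shows the window check on the server side that makes a code expire.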
You can enable a TOTP by following the steps below:
- Click on the Client ID when you are logged into Kite. The Client ID can be found in the upper right-hand corner of the page.
- From the drop-down menu, select ‘My Profile’.
- Click on ‘Password & Security’.
- Choose ‘Enable 2-step TOTP’.
- You will receive an OTP to your email address that is registered with Kite.
- On your phone, install Google® Authenticator. It is available on both the Play Store and Apple App Store. There are also alternatives (such as Microsoft® Authenticator and Authy).
- Click on ‘Scan a barcode’ under the option to add an account and then click ‘Begin’.
- Allow the app to access your camera and scan the barcode displayed on your Kite profile page. Your authenticator app will add the account once the barcode has been scanned.
- Tap on ‘Enable’ and enter the OTP shown on the Kite app.
- Upon setting up the TOTP, you will receive a confirmation email.
You can disable the TOTP authentication if you lose your mobile phone or can’t access your TOTP app for any reason.