Two-factor authentication
Griffin requires two-factor authentication (2FA) every time you log in or make a payment. You must authenticate using a passkey stored on a security device of your choice.
How it works
We use a web standard protocol called WebAuthn to generate a private passkey, which is stored on your chosen security device. This is paired with a public key that is stored on our servers and associated with your account. Both pieces of the pair are needed to generate the authentication token that allows you to log in.
When you create a new Griffin account you will be prompted to register a passkey, which will be stored on your chosen device.
When you log in to your Griffin account, you will need to authenticate yourself using your registered passkey.
What devices can I use?
The table below shows the devices you may use to register and store a passkey, and the system requirements for using it with your Griffin account.
Device | Passkey device requirements | Laptop/computer requirements | Supported browsers |
---|---|---|---|
Physical security device (recommended) | Must be FIDO2 compatible (we recommend YubiKeys) | None | Safari, Chrome, Firefox, Edge |
Apple device | Must have iOS 16 or later | Must have bluetooth | Chrome, Firefox, Edge |
Android device | Must have Android 9.0 or later, and have screen lock enabled | Must have bluetooth | Chrome, Firefox, Edge |
Regardless of the device you use, your operating system and browser combination must be compatible with roaming authenticators.
Registering a passkey on your security device
Right now, we only support one security device per account and you will need it every time you want to log in or make a payment - so please choose a trusted device that you will always have on hand!
Click Register device to get started.
In the WebAuthn pop-up, select your preferred option and follow the instructions. If you choose a phone or tablet, you will need to scan the QR code.
WebAuthn might look a bit different depending on your browser and OS (this example uses a MacBook with Google Chrome). If the pop-up only gives you one option when adding a device, you may need to click Use a different device (or Cancel on Windows) to see the option to use your phone or tablet.
You don’t need a special authenticator app to scan the QR code - just open your device’s camera and point it at the screen. You'll be prompted to store your passkey in your device’s password manager (iCloud Keychain in this example).
Using your passkey to log in and make payments
Every time you log in to Griffin, you will need to have your security device on hand so you can authenticate using your passkey. Similarly, whenever you send a payment, clicking Confirm and send will prompt you to authenticate using your passkey.
When prompted, select the device type where your passkey is stored and follow the instructions. If you are using a phone, you will need to scan the QR code.
Lost or stolen devices
If the device where you store your passkey is lost or stolen, you should contact us immediately at support@griffin.com so that we can remove the passkey from your account.
For security purposes, we need approval from another admin in your organisation before we deactivate a passkey.
Once your passkey has been removed, you will be prompted to register a new one the next time you log in. You will not be able to log in to your Griffin account until you’ve registered a new passkey.
Troubleshooting
Problems scanning a QR code
I can't find a QR code to scan
- Sometimes, your browser will not display the QR code by default. You may need to click Use different device (or Cancel on Windows).
- Our app is designed to be used on a laptop or desktop computer. You may have difficulty logging in on your phone.
I found the QR code, but I'm having trouble scanning it
- Use your default camera app on your device to scan the QR code. Don't use an authenticator app, it won't work!
- Not all Android devices automatically scan QR codes via the camera app. If you are having issues, we recommend using the Google Lens app.
Problems registering or authenticating a passkey
I'm having trouble using my password manager
- We don't provide support for password managers, please use a security key or your smartphone as detailed above.
Google Chrome is presenting the wrong passkey
- You can delete that passkey from your browser at chrome://settings/securityKeys/phones.
I get an error when I try to register/authenticate the passkey
- Make sure Bluetooth is enabled on both your laptop and smartphone.
- Try using Chrome. Make sure you clear your cookies, and then close and reopen the browser before attempting to sign in.
- Try registering your phone on webauthn.io. This is the passkey demo site, so if you have problems there then there's a problem with your phone or browser.
- We highly recommend using a YubiKey, as this is the fastest and most secure way to log in.
- Make sure you are using a valid device/browser combination.
- If all else fails, reach out to us at support@griffin.com.