Skip to main content

PIN and OTP

The Profile > Security Center section allows users to choose which additional verification method to use in case an unusual login is detected, specifically:

  • The PIN that was sent via email during the user account creation.
  • The PIN sent via SMS. This is a one-time code generated in real-time and sent via SMS to the pre-verified mobile number.

Security Center

To proceed, follow the instructions here:

  1. Access the Profile > Personal Info section and enter the mobile number, including the international dialing code (e.g., Italy +39). Remember to save the changes.

    Mobile - Personal info

  2. Go to the Profile > Security Center section and click on Send verification code via SMS to verify the existence and correctness of the phone number:

    Phone Number Verification

  3. Enter the code received via SMS in the Verification Code field and click Confirm.

    Phone Number Verification

  4. Once the number is verified, enable the Enable PIN authentication via SMS functionality.

    Enable PIN via SMS

The account may be automatically locked by the system if the following conditions occur:

  • If the wrong PIN is entered five times, the account will be locked. If you wait at least 30 minutes after the fourth attempt, the counter will reset, and five more attempts can be made. However, the global counter limits the user to a maximum of 15 attempts in total before the account is locked.
  • If the wrong OTP is entered 50 times, the account will be locked.

Once an account is locked, only Customer Service can reactivate it.

Limitations for the PIN via SMS

The following conditions apply to one-time PIN codes (OTP) sent via SMS:

  • A maximum of one OTP can be requested per minute.
  • Only the last three OTPs sent are valid.
warning

An SMS may take time to arrive for various reasons, especially when roaming. If, as a result, you click Send verification code via SMS more than three times, the first OTP sent will not be valid, even if it eventually arrives.

Changing a PIN sent via email

An administrator user can regenerate another user’s PIN that was sent via email, provided the relevant user was created within a company for which the administrator has the appropriate permissions. However, the administrator cannot regenerate their own PIN. In this case, the administrator must contact Customer Service.

If an administrator regenerates a new PIN, it will have no effect if the user chooses to use the OTP code sent via SMS. However, it will be valid if the user decides not to use the OTP code in the future. In this case, the user will need to use the most recent PIN that was sent via email, if requested.