We take the security of your account seriously. All Ramp accounts are enrolled in multi-factor authentication (also known as two-factor authentication, MFA, and 2FA) based on your provided account details. You can use:
- Authenticator devices (see below)
- Phone (configured automatically)
- Email (only when others are unavailable)
Verifying login attempts
When you log in to Ramp from a new device with a username and password you will be prompted to verify your login attempt. If you have configured an authenticator (see below), you can use that authenticator here. Otherwise, we will send a login code to your on-file phone number or email address. The login verification codes are valid for 60 seconds: if you were unable to successfully enter it during the valid time frame, you may re-send a code.
If you frequently log in to Ramp from the same device you will not be prompted to verify your login each time. If you log in to Ramp using “Sign In with Google” or “Sign In with your Identity Provider”, you will not be prompted to verify your login each time.
Sharing verification codes
To keep your financial account safe, never share verification codes anywhere or with anyone. Ramp support will never contact you to request a login verification code; such a request may be a phishing attempt from an attacker masquerading as a Ramp employee.
If you receive a request to share a Ramp verification code, do not respond. Instead, contact firstname.lastname@example.org.
Configuring your phone
When you enroll a mobile phone with Ramp we automatically set it up to receive verification codes. No further configuration is required on your part. Learn how to update your phone number here→
Configuring an authenticator
You can configure up to five TOTP-based authenticators (like Google Authenticator, Twilio Authy, etc.) in order to access your account without using your phone number.
- To add an authenticator to your Ramp account, first open your profile. Click the gear on the bottom left of your screen
- Click your name on the top left
- Click “Edit Profile” in the middle of the page
Next, begin enrollment.
- Scroll down to see the “Security” section
- Click on “Configure Multi-Factor Authentication”
- Click “Add authentication device” and follow the on-screen instructions
If you have previously enrolled an authenticator, you will see all your existing devices. If you have not previously enrolled an authenticator, you will not see this list.
That’s it! Your new authenticator is ready for use when you next log in from a new device!
Removing an authenticator
To remove an authenticator from your Ramp account, follow the instructions above to navigate to the authentication panel. Click the "x" next to the authenticator you wish to remove. It’s gone!
Lost authenticator (help me log in!)
If you have lost access to your enrolled authenticator, follow the prompts during login to switch to send a verification code to your enrolled phone number instead. If you do not have access to your enrolled phone number or your authenticator, contact email@example.com and we'll help you out.
Once you have regained access to your account, refer to the “Removing an authenticator" section above to remove the authenticator that you no longer have access to. This ensures the lost authenticator cannot be used to sign in to your account in the future.