Financial transactions over the internet often become targets of cyber attacks that can harm users in conducting transactions due to negligence from both the system and human error. This research will focus on the security level of the SIKOLAH financial application, where every school financial transaction will be conducted online. In this study, the Two Factor Authentication (2FA) method will be implemented, ensuring that each user has official access with data in the database registered in the application. The results of implementing this method have successfully validated user data through verified email and WhatsApp numbers to send OTP codes to the access holder's smartphone via the official WhatsApp channel of the application manager. Avoiding server phishing actions also limits the OTP code delivery time to no more than 300 seconds to send the OTP code to users, thereby reducing the risk of data interception by cybercrime.

two-factor authentication; cyber security; payment system; one-time password (OTP)

Tim Kemdikbudristek, “Rencana Strategis Kementrian Pendidikan dan Kebudayaan 2020-2024,”Kementeri. Pendidikan, Kebudayaan, Ris. dan Teknol., pp. 1–129, 2020, [Online]. Available: https://dikti.kemdikbud.go.id

N. N. K. Sari, S. Geges, N. Hasanah, “Penerapan Sistem Notifikasi Chat dan Payment Gateway pada Sistem Informasi Pembayaran SPP berbasis Website,” Jurnal Teknologi Informasi, vol. 17, no. 1, Jan, pp. 2656-0321, 2023.

G. C. Mahardhika and F. David, “Implementasi Two Factor Authentication (2FA) pada Sistem Keamanan Otentikasi User di Aplikasi Kasir Legends Barbershop,” Jurnal Sistem dan Teknologi Informasi (Justin), vol. 8, no. 4, p. 357, 2020, doi: 10.26418/justin.v8i4.42247

Hardiansyah, Novi. "Penggunaan Metode Extreme Programming pada Perancangan Sistem MYDOSEN." Jurnal Edik Informatika Penelitian Bidang Komputer Sains dan Pendidikan Informatika 10.2 (2024): 67-77.

V. D. Slavov and S. A. Jalil, “Smart Financial Management for Cooperatives: A Web and Payment Gateway Integration Approach,” vol. 3, no. 1, pp. 16–36, 2025

Setiawan, A., & Kamajaya, R. M. A. (2024). Implementasi SMS-based One-Time Password Stealing Attack pada Akun Aplikasi Android menggunakan Digispark Atitiny85. Info Kripto, 18(1), 15-23.

Sunaringtyas, S. Ulfa, D. F. Priambodo, and A. Setiawan. "Implementasi Sms-Based One-Time Password Stealing Attack pada Akun Aplikasi Android menggunakan Digispark Atitiny85." (2023).

Ramdhon, M. (2019). Implementasi Two Factor Authentication sebagai Otentikasi Transaksi Non Tunai (Doctoral dissertation, Universitas Muhammadiyah Sukabumi).

McCabe, Charlotte, Althaff Irfan Cader Mohideen, and Raman Singh. "A Blockchain-based Authentication Mechanism for Enhanced Security." Sensors 24.17 (2024): 5830.

Gilsenan, C., Shakir, F., Alomar, N., & Egelman, S. (2023). Security and Privacy Failures in Popular 2FA Apps. In 32nd USENIX Security Symposium (USENIX Security 23) (pp. 2079-2096).

Heriyanto, Y., Qalban, A. A., & Mukaromah, I. A. (2022). Pengembangan Metode Login Two Factor Authentication (2fa) untuk Keamanan Sistem Informasi Akademik. Journal of Innovation Information Technology and Application (JINITA), 4(2), 142-150.

R. S. Pressman and B. R. Maxim, Software Engineering A Practitioner’s Approach. McGraw-Hill, 2020

Amsyah, Novri, A. Asmar, and R. Kurniawan. "Monitoring System for Electrical Energy use and Charging Electricity Tokens based on Website and Whatsapp Application." Jurnal Ecotipe (Electronic, Control, Telecommunication, Information, and Power Engineering) 11.1 (2024): 97-106.

Yamkhin, Jambaljav, et al. "Spatial Distribution Mapping of Permafrost in Mongolia using TTOP." Permafrost and Periglacial Processes 33.4 (2022): 386-405.

Mayanda, Deara, et al. "Load Balancing Techniques for Server Clustering in Cloud Environment: Systematic Literature Review." Journal of Renewable Energy, Electrical, and Computer Engineering 4.2 (2024): 173-179.

Supendar, H., & Handrianto, Y. (2019). Teknik Availability Manajemen Server berbasis Clustering. Bina Insani ICT Journal, 6(1), 1-10.