Multifactor Authentication Support
What is Multifactor Authentication?
Passwords are becoming increasingly easy to compromise. They can be stolen, guessed, and hacked. New technology and hacking techniques, combined with the limited pool of passwords most people use across multiple accounts, mean information online is increasingly vulnerable.
Multi-Factor Authentication (MFA) is a simple security practice that adds an extra layer of protection over traditional user name and password authentication. When signing in, you will be prompted for your email address and Personal Identification Number (PIN) (the first factor - what you know), and an authentication code from your MFA device (the second factor - what you have). Taken together, these multiple factors provide increased security for your account settings and resources.
The MFA device generates a unique one-time MFA code every 30 seconds. This short interval increases security, and because the code is generated on your device, you can sign in even if your device is offline.
Prerequisites
Access to on-line applications requires Multi-Factor Authentication (MFA): either a Department of Defense (DoD) Common Access Card (CAC) or a provisioned MFA device. Our MFA solution utilizes the Time-based One-Time Password algorithm (TOTP).
A TOTP virtual device needs to be installed on your mobile device. The mobile device will need a functioning camera to scan the QR code during the provisioning process. Our TOTP solution is tested with Google Authenticator or Authy 2-Factor Authentication. Either application is available free of charge from the application store for either Android or iOS.
All accounts will be initiated by a sponsor. The system generates an email with instructions for provisioning and validating your account and virtual MFA device. Please complete the activation process in one uninterrupted session. The provisioning process usually takes less than ten minutes.
Account Reactivation
Reactivation is required if you purchase a new mobile device or you are experiencing authentication problems with your current MFA token. Please use the "Reactivation" button below to send a new activation token with instructions to your email address.
Request Activation Token
Account Deactivation
If you lose your mobile device or suspect that it has been stolen, you will need to deactivate your MFA credentials. While it's important that you disable your account, remember that your PIN is still protecting access to your account and information.
Deactivation is a two-step process. Please use the "Deactivation" button below to request your deactivation token. An email will provide instructions on the deactivation process.
Note: reactivating the account to another device does not require deactivation; the reactivation process disables your previous MFA credentials.
Request Deactivation Token
My Account is locked
The sign-in screen displays an alert that my account is locked due to ten consecutive invalid sign-in attempts. The system tracks invalid access attempts and alerts the user after five consecutive mismatches. After ten invalid attempts the system locks the account. The locking process also sends an email to the user and the system administrators.
This is a security feature that deters attackers from submitting multiple PINs in an attempt to crack into your account. This stops brute-force attacks that use an exhaustive key search to calculate every possible combination until the PIN is discovered.
You can use the reactivation feature to provision new keys for your account, and we strongly suggest changing your PIN. System administrators monitor the account locking emails for activity and patterns that would suggest an organized attempt to compromise security. Logs will be reviewed and the source of traffic will be blacklisted.
Request Activation Token
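The lockout policy described above, sketched as an added example (not this system's code). The thresholds come from the text; the class and method names, the reset on a successful sign-in, and the unlock on reactivation are assumptions.

```python
from dataclasses import dataclass

ALERT_AT = 5   # consecutive mismatches before the user is alerted (from the page)
LOCK_AT = 10   # consecutive mismatches before the account is locked (from the page)


@dataclass
class Account:
    failures: int = 0
    locked: bool = False


class SignInGuard:
    """Hypothetical tracker for consecutive invalid sign-in attempts."""

    def __init__(self):
        self.accounts = {}
        self.outbox = []  # stands in for the e-mails sent when an account locks

    def attempt(self, email: str, credentials_ok: bool) -> str:
        acct = self.accounts.setdefault(email, Account())
        if acct.locked:
            return "locked"          # a correct PIN and code are refused once locked
        if credentials_ok:
            acct.failures = 0        # "consecutive": a success resets the count
            return "ok"
        acct.failures += 1
        if acct.failures >= LOCK_AT:
            acct.locked = True
            # The page says both the user and the administrators are notified.
            self.outbox += [("user", email), ("admins", email)]
            return "locked"
        return "alert" if acct.failures >= ALERT_AT else "denied"

    def reactivate(self, email: str) -> None:
        # Assumption: reactivation provisions new keys and clears the lock.
        self.accounts[email] = Account()


if __name__ == "__main__":
    guard = SignInGuard()
    user = "user@example.test"  # constructed sample address
    print([guard.attempt(user, False) for _ in range(10)])
    print(guard.attempt(user, True), guard.outbox)
```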
Frequently Asked Questions
What is a virtual MFA device?
A virtual MFA device is a TOTP compatible software application that can generate six-digit authentication codes. The software application can run on any compatible computing device, such as a smartphone, tablet or as an app in the Chrome browser.
Which virtual MFA applications can I use with my account?
You can use applications that generate TOTP-compliant authentication codes and allow the scanning of QR codes through the device's camera, such as the Google Authenticator application.
What is a QR code?
A QR code is a two-dimensional barcode that is readable by dedicated QR barcode readers and most smartphones. The code consists of black squares arranged in larger square patterns on a white background. The QR code contains the required security configuration information to provision a virtual MFA device in your virtual MFA application.
What Devices Can I Use?
Virtual MFA applications can be installed from the application store that is specific to your phone type. The following table lists some applications for different smartphone types.
| Device | Google Authenticator | Authy 2-Factor Authentication | Microsoft Authenticator |
|---|---|---|---|
| Android | X | X | |
| iOS (iPhone) | X | X | |
| Windows Phone | | | X |
| Blackberry | X | | |
| Desktop/Chrome App | | X | |
Links
Google Authenticator (iOS)
https://itunes.apple.com/us/app/google-authenticator/id388497605?mt=8
Google Authenticator (Android)
https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en
Authy 2-Factor Authentication (iOS)
https://itunes.apple.com/us/app/authy/id494168017?mt=8
Authy 2-Factor Authentication (Android)
https://play.google.com/store/apps/details?id=com.authy.authy
Authy 2-Factor Authentication (Chrome App)
https://chrome.google.com/webstore/detail/authy-chrome-extension/fhgenkpocbhhddlgkjnfghpjanffonno?hl=en
Microsoft Authenticator
https://www.microsoft.com/en-us/store/p/microsoft-authenticator/9nblgggzmcj6
How do I provision a new virtual MFA device?
You can configure a new virtual MFA device by following the instructions provided in the activation email. You will need access to your email on a standalone system separate from the mobile device with the MFA application. The mobile device will need a functioning camera.
My MFA code isn't working?
The TOTP algorithm is time-based. This requires the server and your device to be synchronized. The server is configured to use a Network Time Protocol (NTP) service. Please validate that the time and date on your device are correct and re-provision your device.
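Why clock drift breaks a code, shown as an added example (not this system's code): a standard RFC 6238 TOTP generator and a server-side check, run with a device clock that is 0, 20 and 150 seconds fast. HMAC-SHA1, the acceptance window of one step either side, and the function names are assumptions; the key is the published RFC 6238 test key, not a real credential.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30     # seconds per code, as stated on this page
DIGITS = 6    # code length, as stated on this page

# RFC 6238 published test key, base32-encoded as a QR code would carry it.
# Constructed sample input, not a real credential.
SECRET = base64.b32encode(b"12345678901234567890").decode()


def hotp(key: bytes, counter: int) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, then dynamic truncation."""
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def totp(secret_b32: str, unix_time: float) -> str:
    """RFC 6238 TOTP: the HOTP counter is the number of 30 s steps since epoch."""
    key = base64.b32decode(secret_b32, casefold=True)
    return hotp(key, int(unix_time) // STEP)


def verify(secret_b32: str, code: str, server_time: float, window: int = 1) -> bool:
    """Check a submitted code against the server clock.

    `window` is how many steps either side of the current one are accepted;
    its value here is an assumption, the page does not state one.
    """
    key = base64.b32decode(secret_b32, casefold=True)
    current = int(server_time) // STEP
    return any(
        hmac.compare_digest(hotp(key, current + drift), code)
        for drift in range(-window, window + 1)
        if current + drift >= 0
    )


if __name__ == "__main__":
    server_now = 59  # RFC 6238 test time, standing in for the NTP-synced server clock
    for skew in (0, 20, 150):  # seconds the device clock runs fast
        code = totp(SECRET, server_now + skew)
        print(f"device {skew:>3}s fast -> {code} accepted={verify(SECRET, code, server_now)}")
```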
What if my mobile device is lost or stolen?
If you lose your mobile device or suspect that it has been stolen, you will need to deactivate your MFA credentials.
What if I don't have a data plan on my phone?
Virtual MFA applications can generate the required code without need of either a cell signal or data plan; they can do so anywhere in the world, even when your device is in "airplane" mode.
What if I don't have a connection?
The Virtual MFA applications can generate a passcode without a cellular or wireless connection. The application runs natively on the operating system.
Does it cost me money to authenticate with my phone?
No, both of the tested applications can be installed without a purchase and the code generation does not utilize any bandwidth.