Multi-Factor Authentication Security
Note: As of September 2019, Multi-factor authentication (MFA) is now automatically enabled for Service Provider users.
A major challenge of system security is keeping user credentials secure. A user name and password, or knowledge-based details such as a date of birth, are no longer considered sufficient on their own. This is especially true for anyone who has used a public computer, for example in a library, or accessed a secure website over a public Wi-Fi network: shared computers can carry keyloggers or screen-capture software, and open wireless networks expose traffic to interception, either of which puts credentials at risk.
Because many people reuse the same credentials across websites, phishing schemes and malicious redirects also play a part in security breaches. A cyber-criminal who obtains one set of your credentials may be able to use them on every site where you reused them.
MFA for service providers, worksite managers, worksite trusted advisors, and customer users helps keep credentials secure by adding a second authentication factor outside of the web browser. When MFA is enabled in PrismHR and a user tries to log in, the system sends an email or text message containing a unique validation key. This key, or passcode, is valid for a single use and expires after a set time period. Only someone who can receive messages at the registered email address or mobile number can complete the login. An unexpected passcode message also warns the rightful account owner that someone else may be attempting to use their credentials.
To begin using MFA, you must first set up a message template in PrismHR. The template defines the text of the email or text message in which the unique passcode is sent.
Note: For MFA to be effective, all users must have a valid email address or mobile device number associated with their user account.
After a configured number of days of accessing the system from a given device, MFA prompts the user to request a new authorization code. The system sends the code to the email address or mobile device number associated with the user account; the user enters it and can then access the system.
Authentication is per device. A user who logs in from multiple devices must complete the passcode step separately on each of them.
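The behaviour described above (a single-use passcode that expires, delivered out of band, and a per-device trust window that re-prompts after a number of days) can be modelled in a few dozen lines. The following is an added illustrative example written for this page; it is not PrismHR's code and makes no claim about how PrismHR implements MFA. The passcode lifetime of 5 minutes, the 30-day device trust window, and the 5-attempt limit are assumed values chosen for the example, and the `clock` parameter exists only so the expiry logic can be exercised without waiting.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

CODE_TTL_SECONDS = 300    # assumption: a passcode is valid for 5 minutes
DEVICE_TRUST_DAYS = 30    # assumption: re-prompt a device after 30 days
MAX_ATTEMPTS = 5          # assumption: discard a code after 5 wrong guesses


@dataclass
class PendingCode:
    digest: bytes        # hash of the code, never the code itself
    expires_at: float    # absolute time after which the code is dead
    attempts: int = 0    # wrong guesses so far


class MfaService:
    """Issue and verify single-use, time-limited passcodes per (user, device)."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.pending = {}   # (user, device) -> PendingCode
        self.trusted = {}   # (user, device) -> time the device last passed MFA

    @staticmethod
    def _digest(user, device, code):
        # Bind the hash to the user and device so a code issued for one
        # device cannot be replayed against another. A 6-digit code is still
        # guessable offline, which is why the TTL and attempt limit are short.
        return hashlib.sha256(f"{user}|{device}|{code}".encode()).digest()

    def needs_challenge(self, user, device):
        """True when this device has never passed MFA or its trust has aged out."""
        verified_at = self.trusted.get((user, device))
        if verified_at is None:
            return True
        return self.clock() - verified_at > DEVICE_TRUST_DAYS * 86400

    def issue_code(self, user, device):
        """Create a fresh 6-digit passcode; the return value is what the
        email or SMS template would deliver to the user."""
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[(user, device)] = PendingCode(
            self._digest(user, device, code), self.clock() + CODE_TTL_SECONDS
        )
        return code

    def verify_code(self, user, device, code):
        """Accept a code once, within its lifetime, within the attempt budget."""
        key = (user, device)
        entry = self.pending.get(key)
        if entry is None:
            return False                      # nothing outstanding for this device
        if self.clock() > entry.expires_at:
            del self.pending[key]             # expired: force a new request
            return False
        entry.attempts += 1
        if entry.attempts > MAX_ATTEMPTS:
            del self.pending[key]             # too many guesses: burn the code
            return False
        if not hmac.compare_digest(entry.digest, self._digest(user, device, code)):
            return False                      # wrong code, constant-time compare
        del self.pending[key]                 # single use: a replay now fails
        self.trusted[key] = self.clock()      # start this device's trust window
        return True
```

Each device gets its own entry in `trusted`, so a user who passes MFA on a laptop is still challenged on a phone, and the trust on each device lapses independently once the configured number of days has passed.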