Multi-Factor Authentication (MFA)

ON THIS PAGE:

What's New

Beginning August 16, 2024, during a four-week period, FINRA will deploy multifactor authentication (MFA), to all active FINRA Entitlement user accounts for the FINRA Entitlement Program. Super Account Administrators (SAAs) and Account Administrators (AAs) already use MFA to access the FINRA Entitlement Program.

Multi-factor authentication (MFA) is an additional layer of security beyond the user ID and password that enhances security of your account, using another device to verify identity. This additional security control is provided by the vendor Cisco Duo. Users must enroll with a landline phone, smartphone, tablet or security key to initiate MFA. You will be directed to the Duo website to complete MFA.

The enrollment steps only need to be completed once per account.

FINRA systems protected by MFA can be accessed from Windows or Mac computers running on one of the latest versions of the operating system. Duo Mobile app works with iOS and Android. Please note that end-of-life versions are not supported and all access will be blocked.

Devices using end-of-life operating systems are blocked from accessing FINRA systems. You will not be able to access FINRA systems until you upgrade to a supported version of the operating system. Please consult your IT provider for more information related to end-of-life operating systems.

Please contact the FINRA Support Center if you have questions about this implementation.

Sharing of account credentials to access FINRA systems violates FINRA security policy and is strictly prohibited. An account must be used only by the person for whom it is created.


  FINRA MFA Guide (PDF 1 MB)
 

Frequently Asked Questions

1Q: Why has FINRA implemented MFA?

1A: Multi-factor authentication or MFA is one of the most effective security controls currently available to protect an organization against remote security attacks. If the credentials of a user are compromised, during the log in process, MFA can prevent a security breach through an additional verification process.

FINRA is committed to protecting its organizations’ data and systems from being exposed to any security vulnerabilities. Therefore, FINRA has mandated the use of MFA as an additional verification step for users logging into FINRA systems.

2Q: How does MFA benefit my organization?

2A: Passwords are increasingly easy to compromise. They can often be stolen, guessed, or hacked and a user might not even know someone is accessing their account. MFA adds a second layer of security, helping the account stay secure even if the password is compromised.

This second factor of authentication is separate and independent from an account’s username and password.

3Q: Is Multifactor Authentication (MFA) mandatory?

3A: Yes, Super Account Administrators and Account Administrators must use MFA. Beginning August 16, 2024, during a four-week period, FINRA will deploy MFA to all active user accounts for the FINRA Entitlement Program. 

4Q: What are the MFA features with the August 16, 2024 implementation?

  • Duo Push will be replaced with Verified Duo Push which will require a verification code to be entered into the Duo Mobile Application in order to complete authentication. Users will have 60 seconds to enter the code from when it is displayed.
  • During enrollment, MFA will provide an option for a Security Key, which is a digital service on a personal device or a physical device that allows users to authenticate through the MFA process. If a user decides to use a physical security key, MFA is completed by inserting the security key into the USB port on the computer and, if needed for the model used, the user taps the security key or presses the security key button.
    • Information on using a digital security key, such as Passkey, please visit How to Set Up a Passkey.
    • The user must have a supported security key. Duo MFA supports WebAuthn/FIDO2 security keys such as those offered by Yubico and Feitian. U2F. Only Security keys such as Yubikey NEO-n are not supported with Firefox.
    • FINRA does not endorse any specific security key vendor or model and recommends that organizations perform adequate testing to ensure that the device they intend to use is compatible with Duo MFA for FINRA. More information on Duo-compatible security keys is available on Duo’s website.

5Q: Will I be required to re-enter identifying information to reauthenticate each time I log in?

5A: If the same computer and browser are used within a 24-hour timeframe to access FINRA systems, you will not be required to re-enter identifying information to re- authenticate each time you log in.

6Q: Which computers support FINRA MFA?

6A: FINRA websites protected by MFA can be accessed from Windows or Mac computers running on one of the latest versions of the operating system. 

7Q: What do I do if I lost my phone?

7A: It is strongly recommended that you delete the lost device from your MFA settings; however, you must have at least two registered devices in order to delete the old one. Enroll your new device, then use Manage Devices to delete your lost or stolen phone as described in Section 4 of the FINRA MFA Guide.

If you are not able to log in to Duo Mobile at all, contact the FINRA Support Center at (301) 590-6500 to have your missing phone disabled and to get a one-time passcode so you can log on using that passcode.

8Q: How do I reactivate Duo Mobile?

8A: If you get a new phone, you will need to re-activate Duo Mobile. You may add and enroll your new device by using Manage Devices as described in Section 3 of the FINRA MFA Guide. Otherwise, contact the FINRA Support Center at (301) 590-6500 to reactivate Duo Mobile.

9Q: Why am I not receiving Push Notifications from Duo Mobile?

9A: You may have trouble receiving push notifications, verified push notifications starting August 16, 2024, if there are network issues between your phone and the Duo Mobile service. Many phones have trouble determining whether to use the WIFI or cellular data channel when checking for push notifications. To resolve this issue, if you have a reliable internet connection, turn the phone to airplane mode and then turn off airplane mode to return the phone to its normal operating mode. Similarly, the issue may be resolved by turning off the WiFi connection on your device and using the cellular data connection.

If the actions above do not resolve the issue, check the time and date on your phone and make sure they are correct. If the date and time on your phone are manually set, try changing your device's configuration to sync date and time automatically with the network.

If you cannot get Duo Push working on your own, log in with other options available in the Duo Mobile application, such as text message passcode, phone call, security key or bypass code (provided by the FINRA Support Center). Refer to Section 2 (Step 4) of the FINRA MFA Guide for details.

10Q: Can usernames or passwords be shared among multiple users within a firm?

10A: Sharing of account credentials to access FINRA systems violates FINRA security policy and is strictly prohibited. An account must be used only by the person for whom the account was created.

Need Help?

If you need assistance using MFA, contact the FINRA Support Center at (301) 590-6500.