To log into your Monash account, you’ll need to set up multi-factor authentication (MFA). MFA helps keep your personal information private and secure by requiring both a password and another means (factor) to verify your identity when you log in.
Why is MFA important
MFA makes it difficult for an attacker who has your password to access your account or breach University systems. Even if you don’t think you have sensitive information in your account, it’s likely you do, because some University systems maintain information about you.
This may include:
- address and contact details
- banking details
- medical information
- emergency contact information
- academic results.
Your MFA options
If you have a smartphone, you can use either the Okta Verify app (recommended) or Google Authenticator for MFA.
If you don’t have a smartphone, or don’t wish to use your smartphone for MFA, you can request a USB device (YubiKey or a U2F). You can also use your own U2F security key.
| RECOMMENDED |
Okta Verify app
|Google Authenticator app||YubiKey (USB device)|
|How it works||
Accept a push notification in the app|
Type in a six-digit code generated by the app when offline
|Type in a six-digit code generated by the app||Plug in the YubiKey to a USB port and press the button on it|
|Supports push notifications||Yes||No||No|
|Mobile device compatible||Yes||Yes||No|
|Works with VPN||Yes||Yes||Yes|
|Can be installed on more than one device||No (but Google Authenticator can be used as a backup factor)||Yes||N/A|
Set up MFA
You'll be prompted to set up MFA when you activate your Monash account.
Set up backup codes
If you’re locked out of your account because your phone is lost, damaged, or replaced, or if you’ve accidentally deleted the Okta Verify app, you can use a backup code to reset your MFA and get back into your account.
When logging into your Monash account, you’ll receive a prompt for a second-factor verification after you enter your username and password. Unless you’re using Okta Verify push notifications, you won’t need Internet access to use MFA – both Okta Verify and Google Authenticator generate 6-digit codes allowing you to authenticate offline.
For more information, including guidance on logging in while travelling, see using multi-factor authentication.
If you need to manage your MFA factors, such as changing the smartphone where you have the Okta Verify app installed, visit Identity Portal.
Changing your method of MFA
You should never delete or uninstall your Okta Verify app while your account is active – this could stop you from being able to log into your account. If you’d like to change your method of authentication, contact the Service Desk.
If you’ve uninstalled the Okta Verify app, and you don’t have Google Authenticator as a backup, you’ll need to contact your local Service Desk.
Changing your SIM card, provider, number, or phone
The Okta Verify and Google Authenticator apps will continue to work even if you change your SIM card, mobile provider, or phone number.
However, if you change your phone, you’ll need to transfer your MFA. The same steps can be used to set up Google Authenticator on a new phone.
If you no longer have access to your old phone, contact your local Service Desk.