Multi-factor authentication (MFA)

To log into your Monash account, you’ll need to set up multi-factor authentication (MFA). MFA helps keep your personal information private and secure by requiring both a password and another means (factor) to verify your identity when you log in.

Why is MFA important

MFA makes it difficult for an attacker who has your password to access your account or breach University systems. Even if you don’t think you have sensitive information in your account, it’s likely you do, because some University systems maintain information about you.

This may include:

  • address and contact details
  • banking details
  • medical information
  • emergency contact information
  • academic results.

Your MFA options

If you have a smartphone, you can use either the Okta Verify app (recommended) or Google Authenticator for MFA.

If you don’t have a smartphone, or don’t wish to use your smartphone for MFA, you can request a USB device (YubiKey or a U2F). You can also use your own U2F security key.

Three types of MFA options and their features

Okta Verify app
Google Authenticator app YubiKey (USB device)
What’s required
  • Okta Verify app on a phone or tablet
  • Apple: iOS 13.0 or higher
  • Android 7.0 or higher
  • Google Authenticator or other compatible authenticator app on a phone or tablet
  • Apple: iOS 13.0 or higher
  • Android 4.4 or higher
  • A USB security key provided by Monash
  • A laptop or computer with a USB port
How it works Accept a push notification in the app
Type in a six-digit code generated by the app when offline
Type in a six-digit code generated by the app Plug in the YubiKey to a USB port and press the button on it
Supports push notifications Yes No No
Mobile device compatible Yes Yes No
Available offline Yes Yes Yes
Works with VPN Yes Yes Yes
Can be installed on more than one device No (but Google Authenticator can be used as a backup factor) Yes N/A

Set up MFA

You'll be prompted to set up MFA when you activate your Monash account.

Set up backup codes

If you’re locked out of your account because your phone is lost, damaged, or replaced, or if you’ve accidentally deleted the Okta Verify app, you can use a backup code to reset your MFA and get back into your account.

Using MFA

When logging into your Monash account, you’ll receive a prompt for a second-factor verification after you enter your username and password. Unless you’re using Okta Verify push notifications, you won’t need Internet access to use MFA – both Okta Verify and Google Authenticator generate 6-digit codes allowing you to authenticate offline.

For more information, including guidance on logging in while travelling, see using multi-factor authentication.

Managing MFA

If you need to manage your MFA factors, such as changing the smartphone where you have the Okta Verify app installed, visit Identity Portal.

Changing your method of MFA

You should never delete or uninstall your Okta Verify app while your account is active – this could stop you from being able to log into your account. If you’d like to change your method of authentication, contact the Service Desk.

If you’ve uninstalled the Okta Verify app, and you don’t have Google Authenticator as a backup, you’ll need to contact your local Service Desk.

Changing your SIM card, provider, number, or phone

The Okta Verify and Google Authenticator apps will continue to work even if you change your SIM card, mobile provider, or phone number.

However, if you change your phone, you’ll need to transfer your MFA. The same steps can be used to set up Google Authenticator on a new phone.

If you no longer have access to your old phone, contact your local Service Desk.

No luck? Get in touch and we'll help you out.

Raise a service request