To log into your Monash account, you’ll need to set up multi-factor authentication (MFA). MFA helps keep your personal information private and secure by requiring both a password and another means (factor) to verify your identity when you log in.
Why is MFA important
MFA makes it difficult for an attacker who has your password to access your account or breach University systems. Even if you don’t think you have sensitive information in your account, it’s likely you do, because some University systems maintain information about you.
This may include:
- address and contact details
- banking details
- medical information
- emergency contact information
- academic results.
Your MFA options
If you have a smartphone, you can use either the Okta Verify app (recommended) or Google Authenticator for MFA.
If you don’t have a smartphone, or don’t wish to use your smartphone for MFA, you can request a USB device (YubiKey or a U2F). You can also use your own U2F security key.
| RECOMMENDED Okta Verify app | Google Authenticator app | YubiKey (USB device) | |
|---|---|---|---|
| What’s required |
|
|
|
| How it works |
Accept a push notification in the app or Type in a six-digit code generated by the app when offline | Type in a six-digit code generated by the app | Plug in the YubiKey to a USB port and press the button on it |
| Supports push notifications | Yes | No | No |
| Mobile device compatible | Yes | Yes | No |
| Available offline | Yes | Yes | Yes |
| Works with VPN | Yes | Yes | Yes |
| Can be installed on more than one device | No (but Google Authenticator can be used as a backup factor) | Yes | N/A |
How to set up MFA
All Monash accounts are protected with MFA. You'll be prompted to register when you set up your account.
To register, use the following guides:
- register with Okta Verify app
(to register with Okta from China, see register for MFA and log in from China) - register with Google Authenticator app
- register with YubiKey
- register with U2F (FIDO capable) device.
Watch our videos on how to register
For iPhone users
For Android users
Setting up a backup factor
If you've registered for MFA using Okta Verify, we recommend you set up Google Authenticator as a backup factor. Having a backup factor will allow you to use MFA on another phone or tablet.
For detailed instructions, see add Google Authenticator as a backup factor.
If you’re using Google Authenticator, you can set it up on multiple devices.
How to use MFA
When logging into your Monash account, you’ll receive a prompt for a second-factor verification after you enter your username and password. Unless you’re using Okta Verify push notifications, you won’t need Internet access to use MFA – both Okta Verify and Google Authenticator generate 6-digit codes allowing you to authenticate offline.
For more information, including guidance on logging in while travelling, see using multi-factor authentication (MFA).
Changing your SIM card, provider, number, or phone
The Okta Verify and Google Authenticator apps will continue to work even if you change your SIM card, mobile provider, or phone number.
However, if you change your phone, you’ll need to transfer your MFA. See new phone or device: setting up MFA for Okta. The same steps can be used to set up Google Authenticator on a new phone.
If you no longer have access to your old phone, contact your local Service Desk.
Changing your method of MFA
You should never delete or uninstall your Okta Verify app while your account is active – this could stop you from being able to log into your account. If you’d like to change your method of authentication, contact the Service Desk.
If you’ve uninstalled the Okta Verify app, and you don’t have Google Authenticator as a backup, you’ll need to contact your local Service Desk.