Multi-Factor Authentication Coming Soon to Member Portal

Multi-factor authentication (MFA) compliments your passwords by adding a level of security to your online accounts. When MFA is enabled, users are prompted to enter a code, often sent via text message, to gain access. On October 12, MFA became mandatory for WRS employers. It will soon be required for member portal access as well. 

 

Two factors are better than one

Using only one factor — say, something you know, like a password — to log in to your account is like having one lock on your front door. And not a very secure one.

Using two-factor authentication is like using two locks on your door — and is much more secure. Even if a hacker knows your username and password, they can’t log in to your account without the second credential or authentication factor.

Why a password alone isn’t enough

Like most people, you probably use a strong password to protect your accounts. But hackers use different tactics to steal or guess your passwords.

  • Hackers use phishing attacks to trick you into giving up your login credentials.
  • Scammers buy credentials stolen in data breaches, using your username and your password to log in to the account where the breach happened. (That’s why it’s important to change your password right away if you find out that your information may have been exposed in a breach.)
  • Hackers might also try to use the username and password to log in to another one of your accounts. This works only if you use the same username and password in more than one place — and is a reason to never reuse the same username and password.
  • If hackers only have your username, they can use software to guess your password. If the site doesn’t have safeguards to detect this type of attack, the hacker’s software may be able to try many different passwords.

Taking steps to keep your password secure is an important first line of defense against hackers. But the best way to protect your accounts is to use two-factor authentication, sometimes called two-step verification or multi-factor authentication.

 

©2022 Federal Trade Commission Consumer Advice