Multi-factor authentication (MFA)

To log into your Monash account, you’ll need to set up multi-factor authentication (MFA). MFA helps keep your personal information private and secure by requiring both a password and another means (factor) to verify your identity when you log in.

Why is MFA important

MFA makes it difficult for an attacker who has your password to access your account or breach University systems. Even if you don’t think you have sensitive information in your account, it’s likely you do, because some University systems maintain information about you.

This may include:

  • address and contact details
  • banking details
  • medical information
  • emergency contact information
  • academic results.

Your MFA options

If you have a smartphone, you can use either the Okta Verify app (recommended) or Google Authenticator for MFA.

If you don’t have a smartphone, or don’t wish to use your smartphone for MFA, you can request a USB device (YubiKey or a U2F). You can also use your own U2F security key.


Okta Verify app

Google Authenticator app YubiKey (USB device)
What’s required
  • Okta Verify app on a phone or tablet
  • Apple: iOS 11 or higher
  • Android 4.4 or higher
  • Google Authenticator or other compatible authenticator app on a phone or tablet
  • Apple: iOS 7.0 or higher
  • Android: 2.3.3 or higher
  • A USB security key provided by Monash
  • A laptop or computer with a USB port
How it works Accept a push notification in the app
Type in a six-digit code generated by the app when offline
Type in a six-digit code generated by the app Plug in the YubiKey to a USB port and press the button on it
Supports push notifications Yes No No
Mobile device compatible Yes Yes No
Available offline Yes Yes Yes
Works with VPN Yes Yes Yes
Can be installed on more than one device No (but Google Authenticator can be used as a backup factor) Yes N/A

How to set up MFA

All Monash accounts are protected with MFA. You'll be prompted to register when you set up your account.

To register, use the following guides:

Watch our videos on how to register

For iPhone users

For Android users

Setting up a backup factor

If you've registered for MFA using Okta Verify, we recommend you set up Google Authenticator as a backup factor. Having a backup factor will allow you to use MFA on another phone or tablet.

For detailed instructions, see add Google Authenticator as a backup factor.

If you’re using Google Authenticator, you can set it up on multiple devices.

How to use MFA

When logging into your Monash account, you’ll receive a prompt for a second-factor verification after you enter your username and password. Unless you’re using Okta Verify push notifications, you won’t need Internet access to use MFA – both Okta Verify and Google Authenticator generate 6-digit codes allowing you to authenticate offline.

For more information, including guidance on logging in while travelling, see using multi-factor authentication (MFA).

Changing your SIM card, provider, number, or phone

The Okta Verify and Google Authenticator apps will continue to work even if you change your SIM card, mobile provider, or phone number.

However, if you change your phone, you’ll need to transfer your MFA. See new phone or device: setting up MFA for Okta. The same steps can be used to set up Google Authenticator on a new phone.

If you no longer have access to your old phone, contact your local Service Desk.

Changing your method of MFA

You should never delete or uninstall your Okta Verify app while your account is active – this could stop you from being able to log into your account. If you’d like to change your method of authentication, contact the Service Desk.

If you’ve uninstalled the Okta Verify app, and you don’t have Google Authenticator as a backup, you’ll need to contact your local Service Desk.

No luck? Get in touch and we'll help you out.

Raise a service request