Multi-factor authentication (MFA) provides you with increased protection, keeping your personal information private and secure. It requires using another factor to verify your identity, as well as your password, when logging in.
Why is MFA important
MFA makes it difficult for an attacker who has your password from being able to access your account or breach University systems. Even if you don’t think you have sensitive information in your account, some University systems maintain information about you that may include:
- address and contact details
- banking details
- medical information
- emergency contact information
- academic results.
Your MFA options
| RECOMMENDED Okta Verify app | Google Authenticator app | YubiKey (USB device) | |
|---|---|---|---|
| What’s required |
Okta Verify app on a phone or tablet. - iOS 11 or higher - Android 4.4 or higher | Google Authenticator or other compatible authenticator app on a phone or tablet | A hardware token provided by Monash |
| How it works |
Accept a push notification in the app or Type in a six digit code generated by the app when offline | Type in a six digit code generated by the app | Plug in the YubiKey to a USB port and press the button on it |
| Supports push notifications | Yes | No | No |
| Mobile device compatible | Yes | Yes | No |
| Available offline | Yes | Yes | Yes |
| Works with VPN | Yes | Yes | Yes |
How to register for MFA
All Monash accounts are protected with MFA. You'll be prompted to register on your first login to a Monash system. The following guides are available to assist you:
- Register with Okta Verify app
- Register with Google Authenticator app
- Register with YubiKey
- Register with U2F (FIDO capable) device
Watch our videos on how to register
For iPhone users
For Android users
Frequently asked questions (FAQs)
Setting up MFA
You can register for MFA and we have guides available for all MFA options. See the full list of guides above.
There are currently four options to choose from.
Okta Verify app
We recommend the Okta Verify app which works on most smartphones and offers the easiest user experience via a push notification to your phone. It also has an offline functionality to use when you don’t have wireless coverage or when you are travelling.
Google Authenticator
We also support Google Authenticator which will require you to input a six digit code.
Yubikey - if you don’t have a smartphone
If you don’t have a smartphone, we offer a USB device called a YubiKey. You simply press a button on the device while it is connected to your computer when prompted for MFA.
U2F device (FIDO capable) - if you don’t have a smartphone
You can also get a ledger device to connect to your computer when prompted for MFA.
Yes, you can, and we recommend setting a backup factor to use when you don’t have access to your phone. For more information see our guide for Google Authenticator.
The University will provide you with a special USB key, known as Yubikey. To request and set up a YubiKey please see Register with YubiKey.
The University will provide you with a special USB key, known as Yubikey. To request and set up a YubiKey please see Register with YubiKey.
If you can’t see the Okta Verify app in your app store, your phone’s operating system may be out of date. The Okta Verify app requires iOS 9.0 or later and for Android devices it requires version 4.4 or later.
Alternatively, you might be able to use a Google Authenticator compatible app instead. Also see Register with YubiKey.
The Android app store may not be available in certain countries around the world. See the FAQ How do I install Okta Verify if I am based in China?
Okta Verify app requires iOS 9.0 or later and for Android devices it requires version 4.4 or later.
The Google Authenticator app requires iOS 7.0 or later and for Android devices it requires version 2.3.3 or later.
Yes, you can. To register a personal U2F security key contact your local Service Desk who will be able to assist. Our Service Desk will need to make some updates to your account after which you will be able to follow this guide Register with U2F (FIDO capable) device
No. The Okta Verify app is linked to the device it is installed on. If you are getting a new device you can swap your Okta Verify app between the two. See Changing your phone.
Yes, you can. If you want to use Google Authenticator on multiple devices simply scan the QR code on each device you wish to register before entering the confirmation code.
We do recommend setting up a backup factor. See our guide for Google Authenticator.
For assistance, see Setup Okta Verify without scanning the QR code
If you're an Apple user you should download the Okta Verify app from the Apple App Store. If you're an Android user you will need to download the app directly. See our guide Register for MFA and login from China.
General use
Multi-factor authentication (MFA) provides you with increased protection, keeping your personal information private and secure. It involves using a second device to verify your identity when logging in. MFA makes it difficult for an attacker who has obtained your password from being able to access your account.
No. MFA is required on every IT account provided by Monash University. This is to ensure your personal information, data and University systems remain secure.
Any time you log in from a new device or browser, you will need to MFA. On devices you regularly use, the next time you log in you can tick Do not challenge me on this device again. When using that same device and web browser you will no longer have to complete an MFA challenge.
Some services and applications, such as the VPN, require you to MFA on every login.
Yes, you can. On devices you regularly use, the next time you login you can tick Do not challenge me on this device again. When using that same device and web browser you will no longer have to complete an MFA challenge.
Some services and applications, such as the VPN, require you to MFA on every log in.
If you receive a notification from the Okta verify app, or an email saying you have logged into a new device, but you don’t recognise that activity, immediately contact your local Service Desk.
Okta does not track your exact location, so the location it says you are logging in from may not be 100% accurate. The information actually comes from where your internet provider has registered the internet address you are using at the time.
If you are logging in from Melbourne and the notification on your phone lists as Richmond, then that’s OK. If the notification is from a different state or country you should immediately contact your local Service Desk.
If you have an active account at the University, you should not delete the Okta Verify app. You may lock yourself out of your account if you do not have a backup factor configured.
You'll be required to use the app when logging in from new browsers, new devices, when travelling overseas, or when using the VPN and other sensitive applications. Once you’ve registered and configured the Okta Verify app, keep it installed on your device.
If you have uninstalled the Okta Verify app you will need to contact your local Service Desk who will be able to reset your MFA registration which will allow you to re-install the app and re-register your device.
YubiKey requires a USB port to work. If your mobile device has a USB input or a USB dongle you may be able to use your YubiKey with it. Apple iOS devices are currently not compatible with Yubikeys.
If you would like to change from using the YubiKey and start using the Okta verify app you will have to visit your local Service Desk in person. We ask that you return the YubiKey and your account will be configured so that you can register for the Okta Verify app.
If you can’t complete an MFA challenge because you don’t have access to your phone, contact your local Service Desk.
On devices you regularly use, the next time you log in you can tick Do not challenge me on this device again. When using that same device and web browser you will no longer have to complete an MFA challenge.
Some services and applications, such as the VPN, require you to MFA on every login.
We recommend you setup a backup factor with the steps available here in our guide for Google Authenticator.
New, damaged or lost devices
If you can’t complete an MFA challenge because you don’t have access to your phone, or because it is damaged, contact your local Service Desk.
On devices you regularly use, the next time you log in you can tick Do not challenge me on this device again. When using that same device and web browser you will no longer have to complete an MFA challenge.
Some services and applications, such as the VPN, require you to MFA on every log in.
We recommend you setup a backup factor with the steps available here in our guide for Google Authenticator.
The Okta Verify and Google authenticator apps will continue to work even if you change your SIM card, mobile provider, or phone number.
If you are changing phones, see Changing your phone or device.
If you no longer have access to the old phone you will need to contact your local Service Desk who will be able to reset your MFA and you will need to re-register your new device.
If you still have your old phone, you can re-register Okta Verify on your new phone. See our guide Changing your phone or device.
We recommend you setup a backup factor with the steps available here in our guide for Google Authenticator.
If you can’t complete an MFA challenge because you don’t have access to your phone, contact your local Service Desk.
On devices you regularly use, the next time you log in you can tick Do not challenge me on this device again. When using that same device and web browser you will no longer have to complete an MFA challenge. Note that some services and applications, such as the VPN, require you to MFA on every log in.
We recommend setting up a backup factor for times that your phone becomes unavailable. See our guide on setting up Google Authenticator.
If you are experiencing a delay in getting a new phone you should contact your local Service Desk to discuss your options.
Contact your local Service Desk for assistance.
If you have lost your YubiKey you will need to order a replacement at your own cost. If you need access right away you should contact your local Service Desk to discuss your options. If you don’t need access right away you can order a replacement YubiKey.
Yes there is. See replacement Yubikey pricing.
Travelling
If you need to access your University account, then yes, you do. When you travel locally or internationally you may still be prompted for MFA so you should take your phone with you. Each time you log in from a new country you will be asked to MFA.
No, you don’t. Both the Okta Verify and Google Authenticator apps have the ability to generate an offline six digit code that you can use for MFA. This doesn’t require wi-fi or mobile phone coverage on your phone.
For more information see Login using Okta Verify with a one-time pin or Login using Google Authenticator with a one-time pin.
There is no data or internet coverage required for MFA using a YubiKey.
You will be prompted for MFA whenever you login from a new country. This is a security measure to reduce the likelihood of your account being hacked or breached and accessed from another country. For this reason you will need to ensure you have your MFA device with you when travelling if you plan on accessing University systems.
If the date and time on your phone doesn't match your location, you'll experience the following issues:
- you won't receive a push notification when using Okta Verify
- if using a one-time code generated by Okta Verify or Google Authenticator, it will be rejected and you'll receive the error message, Your passcode doesn't match our records. Please try again.
If you are already travelling and you don’t have your regular MFA device with you, contact your local Service Desk to discuss your situation.
Changing a SIM card will not impact the use of Okta Verify or Google Authenticator. Both apps pair with your device, not your telephone number, meaning if you use a new or different SIM you can still use the device for MFA.
For more information see our guides on logging in while travelling for both Okta Verify, Login using Okta Verify with a one-time pin and Google Authenticator Login using Google Authenticator with a one-time pin.
If you change phones while travelling you will need to swap your MFA between them. See Changing your phone or device.
If you still have access to your old phone you can still use it in offline mode to complete MFA using a six digit code. This doesn’t require wi-fi or mobile phone coverage on your phone.
Many Google services are unavailable in China, and as such, push notifications on Android devices do not work.
See our guide, Register for MFA and login from China. Once registered, you can follow this guide to login, Login using Okta Verify with a one-time pin.
Privacy
The Okta Verify app does not access any data stored on your phone.
No. The Okta Verify app does not use your phone’s GPS or location tracking functionality.
When you receive a sign-in notification, the Okta verify app will show you the approximate location of the device that is trying to sign into your account, based on that device’s internet protocol (IP) address. The location attached to the IP address is set by your internet service provider.
The Okta Verify app requests access to your camera to scan the QR code to register your account. This access can be revoked after you have successfully registered. Access to the camera does not mean access to your photo library.
Yes, you can. Follow this guide for assistance, Setup Okta Verify without scanning the QR code.