Texts are going away for MFA. What does this mean for you?
Okta, the Identity Management Provider (IDP) for St. Edward's, is no longer supporting text messages and automated phone calls (SMS) as second authentication factors. We have extended the use of text and voice messages for university accounts for a limited time. If you are still using SMS for MFA, then you need to transition to more secure factors, such as Okta Verify, before the extended support period ends on September 30, 2025.
If you need help setting up MFA factors, or resetting them, please see our article: How to Reset Your Multi-Factor Authentication (MFA) Factors.
Message from our Vendor
Starting September 15, 2024, at time of renewal, all customers must bring-their-own telephony provider via Okta’s Telephony Inline Hook in order to continue to send SMS and voice messages for both MFA and non-MFA use cases (authentication / account unlock / password reset).
SMS has played an important role as a universally applicable method of verifying a user’s identity via one-time passcodes. However, SMS offers limited assurance, and Okta has long recommended moving away from phone-based authentication. In August of 2023, Okta stopped offering out-of-the-box telephony services for all net new customers, and starting September 15, 2024, upon renewal, Okta will extend that policy to all customers. Although Customers are free to choose to continue to use SMS and voice for authentication by bringing-their-own provider, Okta urges customers to consider higher assurance out-of-the-box authenticators such as Okta Verify, FastPass, and FIDO2 Webauthn.