Washington State University will no longer support phone-based multi-factor authentication (MFA) — SMS (text messaging) and voice call — effective March 25. Starting at 8 a.m. on that date, WSU accounts that rely solely on SMS and voice call authentication for MFA will be locked.
To avoid being locked out of accounts, users must update their security settings by visiting account.wsu.edu and selecting the “manage security methods” option. Users with accounts relying solely on the phone authentication method should set up at least one of the remaining MFA methods and then immediately remove the text and voice call options. For added security, WSU recommends setting up two or more factors.
To prepare for this change, the onboarding process for new WSU accounts will no longer offer SMS and voice call MFA methods starting Tuesday, Jan. 21. No additional changes to the account activation process are expected at this time. WSU’s admissions and technical support teams are being notified to assist with this transition.
After the removal of SMS and voice call, users will continue to use the following MFA methods for account access:
- Okta Verify: Approve a push notification via the mobile app
- Okta FastPass: Approve a notification via the desktop app
- Google Authenticator: View a time-based one-time passcode via the mobile app
- Security Key: Insert a physical key into the device to authenticate
- Biometric Authenticator: Authenticate using fingerprint or facial recognition, where supported
For more information about MFA at WSU, please visit the MFA resources page.
This change is part of WSU’s ongoing efforts to enhance account security by discontinuing text messaging and call authentication methods, which have become increasingly vulnerable to security threats. As a result, WSU’s MFA vendor will no longer offer these options.
For assistance, contact the Crimson Service Desk at crimsonservicedesk@wsu.edu or 509-335-4357.
