The cyber security landscape is changing rapidly. Cyber-attacks are becoming increasingly common and no one is immune. To further advance our cyber security posture at Deloitte, we are adding Multi-Factor Authentication (MFA) - an innovative security feature which enhances security on Deloitte application by adding a second authentication for applications that contain client data.
Frequently Asked Questions
1. What is Multi-Factor Authentication (MFA)?
MFA is a security feature that requires an additional authentication after you enter your username and password, for example a 6-digit pin, similar to online banking applications. It will be necessary to complete a one-time enrolment in MFA. Enrolment is quick and easy
2. What are the benefits of MFA?
Deloitte is increasing its focus on information and network security, and MFA is a technology proven to be a successful measure in helping to prevent against the evolving landscape of cyber security threats such as network breaches, hacking, and credentials compromise. Our clients trust us with their information and data, so we have an obligation to protect them with high standards.
Passwords alone are no longer considered sufficient - weak and stolen passwords are one of the primary causes of data breaches. MFA reduces the risk of unauthorised access to applications and data by requiring a second method of authentication.
3. Who is required to enrol in MFA?
All clients who conduct business with Deloitte must enrol in MFA when communicated to do so. If you choose not to enrol in MFA, you will no longer have access to MFA-enabled applications, which will eventually encompass all web-based applications. This may impede your ability to complete day-to-day tasks.
4. How do I enrol in MFA?
When it comes time to enrol, you will be sent an email invitation that will require you to click on a link to register for MFA. During enrolment, you will be able to select and configure your preferred authentication option. Enrolment is quick and easy and required only once.
Please review the Enrolment Guide to familiarise yourself with the process.
5. Once I have enrolled, how do I authenticate using MFA?
When accessing an MFA-enabled application, you will be prompted for your email address and password as usual, and then you receive a second prompt to further verify your identity through the preferred authentication method selected during the MFA enrolment process. Upon successful verification, you will be able to access the MFA-enabled application.
6. When will I need to authenticate using MFA?
Once the application becomes MFA-enabled, you will be prompted for your second factor using your selected method each time you access it. Your authentication will remain active for 8 hours. The authentication is specific to the browser with which you authenticate. If you try to access the application via a different browser, you will need to re-authenticate.
It’s important to note that the new log-in screen will be a Microsoft log-in screen.
7. What authentication options do I have?
There are a range of easy verification options to complete MFA authentication – via phone call, text message or mobile app notification.
Mobile phone call or text
Authentication phone call
We encourage you to configure back-up methods to authentication in case you ever lose access to your preferred method. Please refer to the detailed MFA Enrolment Instructions Guide for further explanation of each authentication option and instructions on setting up your back-up authentication methods.
*NOTE: The mobile app as your preferred verification method, specifically the ‘use verification code’, as it is the only option that allows MFA verification even without network coverage (i.e. on a flight).
8. In which situations will I be required to authenticate through MFA?
Once an application becomes MFA-enabled, you will be required to authenticate through MFA to access and use the application, website, services, etc. Each time you access the MFA-enabled application, you will be prompted for your second factor using your selected method.
9. Do I have the ability to select back-up authentication methods?
Yes. During your initial MFA Profile setup, you are asked for a secondary authentication option if you chose the ‘Mobile App’ as a Primary authentication option. If you skipped this step or did not use ‘Mobile App’ as the Primary authentication option during initial MFA Profile Setup, follow the steps below:
- To set up your backup authentication methods, navigate to the Additional security verification web page. NOTE: You will have to authenticate via MFA to access the page
- Under ‘how would you like to respond?’ select one or more of the additional options available for authentication and provide the necessary information.
- When you are finished adding additional authentication methods, click
- When the verification message appears, click Close to complete the process.
10. Why should I set up a backup authentication method?
By setting up backup authentication methods, you can decrease the likelihood of being completely locked out of an MFA-enabled application in the situation that you are unable to access your primary authentication method.
11. How do I use my backup authentication method?
- Log-in as you normally would
- To use a backup authentication method, click the Sign in another way on the MFA login page.
- Select the authentication method you wish to use from the available options and proceed as normal.
12. How do I change my preferred MFA authentication method?
To change or modify your preferred settings, such as your preferred authentication method or your registered phone number follow the steps below:
- To change your preferred authentication method, navigate to the Additional security verification web page (note: you will have to authenticate via MFA to access the page).
- Select your preferred method of authentication from the dropdown list under ‘what’s your preferred option?’
- Click Verify preferred option to verify your choice.
- When the verification message appears, click Close to complete the process.
NOTE: The mobile app as your preferred verification method, specifically the ‘use verification code’, as it is the only option that allows MFA verification even without network coverage (i.e. on a flight).
13. My preferred authentication method requires a mobile device. What happens in a situation where my mobile is not available and I need to access an application?
You will need to authenticate using a back-up authentication method When logging into the application without access to your mobile device, click the ‘Use a different verification option’ link on the login page and select one of the back-up options to which you have access.
NOTE: Only applications using the Microsoft Microsoft login and verification page will have the option to use a back-up verification method. If you are attempting to access an application without the option to use a back-up authentication method, and you are unable to access your preferred authentication method, then please contact the application support team of the application, and they will assist you in resetting your MFA account.
14. Will I be required to re-enrol each time an application I use migrates to MFA?
No, you only have to enrol for MFA once. For application access, you have to click on the invite link provided once to continue using the app.
15. Will I be required to authenticate each time I log-on to an MFA-enabled application?
Applications will require MFA authentication, with each authentication session lasting 8-hours*, in which you will not be asked to authenticate again during the 8-hour timeframe.
*NOTE: MFA is browser-based. If you log-in to an application via Internet Explorer and switch to another browser to access the same or another application, or if you shut down your computer, you will be asked to authenticate again, even within the 8-hour session memory timeframe.
16. Does MFA replace my password?
No, your password is your first factor of authentication when logging into all Deloitte applications, and MFA provides the second factor of authentication when logging into web-based applications.
17. How do I change my password?
Your password will no longer be managed through the application. If you need to change your password, please follow the steps below.
- Sign-in with your account. To change your password, click Forgotten my password
- Select I forgot my password
- Follow the prompts on the screen to recover/change your password
18. Do other companies use MFA to authenticate employees or clients?
Yes. Each year, more companies choose MFA as a way to better protect their data or their customers’ data:
- Many organisations mandate using MFA when accessing the organisation’s applications that contain sensitive information.
- Financial institutions require MFA before users can view financial data from a new computer or device.
- Email providers and tech companies suggest that users set up an additional factor to protect emails and prevent against hacking.
- Overwhelmingly, MFA technology has been successful in protecting customer and company data.
19. If I need assistance with MFA-related matters, who can I talk to?
If you are experiencing issues with MFA enrolment or authentication, try closing out the browser and clearing your web browser’s cookies and cache (by clearing web browser history).
If your issue is still not resolved, and you need immediate assistance, please contact the support team of the application.
20. I can't remember which device is Primary for Microsoft Authenticator?
Your Microsoft MFA Profile will show whether the Authenticator App is configured, however does not display which device is configured for use. If you have multiple devices used for MFA, only ONE can be Primary when using the Microsoft Authenticator application. Note – using the wrong Device/Authenticator App will fail authentication. If you have installed the app on multiple machines, you should go through the MFA configure process, on the device you want to use, which will establish a connect with MFA and make that device and Authenticator Application the Primary authentication for your account.
21. What if I change my mobile device, used for MFA, do I need to reconfigure or update my MFA Profile?
Possibly depending on which MFA authentication type you have selected during configuration:
- Same Phone Number: If your MFA profile is configured to Call/Text a phone number and the device has changed but the number remains the same, then no changes are needed.
- Microsoft Authenticator Application: If using this authentication option, then your MFA Profile must be updated (Configure Microsoft Authenticator App), as devices are ‘linked’ to devices and any device change requires you to go through the Authenticator Application setup/configuration, which will remove the ‘service connection’ with your old device and be configured for use with your new device.
To reconfigure, please contact the application support team.
22. Why do I receive a Multi-Factor Authentication call from an anonymous caller when using caller ID?
When Multi-Factor Authentication calls are placed through the public telephone network, sometimes they are routed through a carrier that doesn't support caller ID. Because of this, caller ID is not guaranteed, even though the Multi-Factor Authentication system always sends it.
23. What options are available to complete MFA process if I did not get to the authentication request fast enough (~60 seconds)
When accessing an MFA enabled application the requestor has ~60 seconds to respond to the MFA request before timing out. If someone is not able to respond within this time, the following options are available to move through the authentication process:
- Use a different verification option
- Note: This option requires the user to have already configured a secondary authentication option (Authenticator, Mobile Device <Phone Call/Text>, etc.).
- Click the URL in the browser window and hit <Enter> or refresh the webpage, which will force MFA to resend an authentication request to the user, who can then respond.
- If neither option works, you will need to close your browser (all instances of browser running <information is shared across browser instances> and retry access, which should force MFA to send another authentication request.
- Close your application and restart, which will force MFA to resend an authentication request.
24. What steps must I perform if I lose my mobile phone used for Authentication?
Depending on your MFA authentication configuration, you may not need to do anything, other than replace your mobile device:
MFA Authentication Types
Authenticator Application (Notifications or Code)
- Leverage your application support team and ask them to reset your MFA Profile
- Install Microsoft Authenticator on your new mobile device
- Navigate to Manage MFA Profile and go through MFA Profile setup, selecting Authenticator App and Configure.
- No mobile device changes are needed, simply go through the MFA Profile reconfiguration and use the call/text my authentication phone option that was previously configured and click Contact Me.