Multi-Factor Authentication (MFA)

Access devices running end-of-life operating systems are blocked from accessing FINRA applications. You will not be able to access FINRA applications with the affected system until you upgrade to a supported version of the operating system. Please consult your IT provider for more information related to end-of-life operating systems.

Please contact the FINRA Support Center if you have questions or concerns about this implementation.

Broker-dealer Firms – (301) 869-6699
Funding Portals – (800) 321-6273
Investment Advisers Firms, Exempt Reporting Advisors – (240) 386-4848

Overview

Multi-factor authentication (MFA) is an additional layer of security beyond the user ID and password that enhances security of your account, using another device to verify identity. It will be required for all Super Account Administrators (SAAs) and Account Administrators (AAs) who have access to FINRA applications. This additional security control is provided by the vendor Duo (Cisco), and users must enroll with a landline phone, smartphone or tablet to initiate the MFA process and to use this service going forward. Eventually, all users will have an opportunity to enroll in the Duo MFA service to access various FINRA applications.

The enrollment steps only need to be completed once per user account.

FINRA websites protected by MFA can be accessed from Windows or Mac computers running on one of the latest versions of the operating system. Duo Mobile app works with iOS and Android. Please note that End of Life versions are not supported and all access will be blocked.

Sharing of account credentials to access FINRA systems is strictly prohibited. An account must be used only by the person for whom it is created.

Following are links to additional information regarding the FINRA Multi-factor authentication (MFA):

FINRA MFA Guide (PDF 1 MB)

How to Videos

Enrollment (2:22)

Log-in (1:23)

New Device (1:57)

^ Back to top

Frequently Asked Questions

Can usernames or passwords be shared among multiple users within a firm?

Sharing of account credentials to access FINRA systems is strictly prohibited. An account must be used only by the person for whom it is created.

Why is FINRA implementing MFA?

Multi-factor authentication or MFA is one of the most effective security controls currently available to protect an organization against remote security attacks. If the credentials of a user are compromised, during the login process, MFA can prevent a security breach through an additional verification process.

FINRA is committed to protecting its member firms’ data and systems from being exposed to any security vulnerabilities. Therefore, FINRA has mandated the use of MFA as an additional verification step for firms logging into FINRA applications.

How does MFA benefit my firm?

Passwords are increasingly easy to compromise. They can often be stolen, guessed, or hacked and a user might not even know someone is accessing their account. MFA adds a second layer of security, helping the account stay secure even if the password is compromised.

This second factor of authentication is separate and independent from a firm’s username and password.

How will I know when my firm is scheduled to begin MFA?

MFA is being rolled out in phases beginning in April 2020 to firm Super Account Administrators (SAAs) and Account Administrators (AAs). FINRA will notify firms when they are scheduled for enrollment.

Is MFA mandatory?

FINRA plans to mandate MFA for all organizations’ SAAs and AAs by December 2020. Other users are not included at this time; FINRA will communicate the rollout for all other users once the schedule is established.

What do I do if I lost my phone?

It is strongly recommended that you delete the lost device from your MFA settings; however, you must have at least two registered devices in order to delete the old one. Enroll your new device, then use My Settings & Devices to delete your lost or stolen phone as described in Section 4 of the FINRA MFA Guide.

If you are not able to log in to Duo Mobile at all, contact the FINRA Support Center at (301) 590-6500 to have your missing phone disabled and to get a one-time passcode so you can log on using that passcode.

How do I reactivate Duo Mobile?

If you get a new phone, you will need to re-activate Duo Mobile. You may enroll your new device by using My Settings & Devices as described in Section 3 of the FINRA MFA Guide. Otherwise, contact the FINRA Support Center at (301) 590-6500 to reactivate Duo Mobile.

How do I receive push notifications from Duo Mobile?

You may have trouble receiving push notifications if there are network issues between your phone and the Duo Mobile service. Many phones have trouble determining whether to use the WIFI or cellular data channel when checking for push notifications. To resolve this issue, if you have a reliable internet connection, turn the phone to airplane mode and then turn off airplane mode to return the phone to its normal operating mode. Similarly, the issue may be resolved by turning off the WiFi connection on your device and using the cellular data connection.

If the actions above do not resolve the issue, check the time and date on your phone and make sure they are correct. If the date and time on your phone are manually set, try changing your device's configuration to sync date and time automatically with the network.

If you cannot get Duo Push working on your own, log in with a passcode generated by the Duo Mobile application. Refer to Section 2 (Step 4) of the FINRA MFA Guide for details.

If you have tried the suggestions here but cannot get Duo Push working or reactivate your device yourself, contact the FINRA Support Center at (301) 590-6500.

Need Help?

If you need assistance using Multi-Factor Authentication, contact the FINRA Support Center at (301) 590-6500.