How MFA works
When you log in, the PPSR will send a one-time passcode (OTP) to the email address recorded on your user profile.
If you do not receive the OTP, you can verify your identity using your secret questions.
Existing accounts will have a 3-month grace period to opt in to MFA. After this period, MFA will apply to all accounts.
Before MFA is applied, users will be prompted to review and update their details as they may not have been updated in several years.
We will publish more information on opting in to MFA and using it closer to the release.
Preparation
Secret questions and answers
We have updated the requirements for secret questions and answers. Existing users who don’t meet the new requirements will be prompted to change their secret questions and answers.
Your secret questions and answers must:
- include 3 unique questions
- include 3 unique answers
- contain at least 4 characters per answer.
Secret answers are not case sensitive.
Review your details
All users should review their details to ensure the email address is correct and they know their secret questions and answers.
When you log in, you will see your registered email address. Most users will see an option to manage their user profile.
If you don’t see an option to manage your user profile, you will need to ask your account system administrator to make any changes to your email address or confirm your secret questions and answers.
To update your email address
- select Edit in the Personal details section
- enter your password
- update the email address
- select Save.
To check or change your secret questions and answers
- select the Change secret questions and answers button at the bottom of the page
- enter your password
- update your secret questions and answers if needed
- select Save.
Account system administrators
You should make sure all users can log in before MFA is applied.
What you need to do
- ensure users log in and review their details
- help users who cannot update their own details
- review user records in your account
Prepare users
Use the user management report to review users in your account and their registered email address. For information about running this report, see Getting PPSR reports.
Key considerations:
- Shared email address: If you have several users with the same email address, this might cause confusion with the OTP codes. Each OTP email will include the username in the subject line and the first name in the email body to help identify the correct code.
- Shared usernames: The PPSR does not recommend the use of shared usernames. Multiple users entering incorrect one-time passcodes can suspend the user. There is no limit to the number of users or account system administrators you can have on your account, and we recommend each user has their own username with individual names and email addresses recorded.
- Deactivate or remove users: If someone is no longer with your organisation, it might be a good time to deactivate or remove their access.
Custom groups
If your account uses custom groups, users will only be able to update their own email address or review their secret questions and answers if at least one of their assigned groups includes the role Users – Manage my user details.
If none of their groups have this role, they will not be able to make these updates.
These users will still be prompted to update their secret questions and answers if they do not meet the new requirements.
What users will see
If these users attempt to save changes without the required role, they will receive an error message.
To fix this, they need to request a password reset, which will allow them to update their secret questions and answers successfully.
The same process applies if their password has expired.
How to manage this:
Add the role to the group
- Add Users – Manage my user details to the relevant custom group.
- All users in that group will then be able to update their email address and view or update their secret questions and answers.
- No individual user changes are required.
Assist the user directly
- You can retrieve a user’s record and update their email address on their behalf.
- From the user record, you can also view their secret questions and answers or reset their password.
For information on creating or managing users and groups, see Managing users.
For more information on roles, see PPSR user role descriptions.