Multi-Factor Authentication Statewide Voter Registration System

Multi-Factor Authentication and the Statewide Voter Registration System

Multi-Factor Authentication Multi-Factor Authentication (MFA) is an added layer of security for logging into OSS applications. Each user is assigned a card with a unique grid of numbers and letters. When logging in, each user will be required to enter letters and/or numbers appearing in particular coordinates on the card.

What is a card?

A “card” is a unique grid of letters and numbers. Each card has a serial number that identifies it as a unique layout. The card is initially sent to MFA users via email, and may also be created by MFA administrators using the MFA management application.

When does a user need a card?

For now, MFA codes from user grid cards will be required every time a user signs in to SVRS and SVRS Practice. In the future, MFA will also be required for other OSS applications, like ERS.

Rev. 6/2018 How is a card assigned?

Initially, the Office of Secretary of State will create an MFA card for each active SVRS user. At least one county staff will have access to the MFA management application. The MFA management application may be used to create a card and assign a card to a user. Every time a new card is created in the system, a new serial number and unique grid is also created.

What if a city needs access to SVRS?

If a city user requires access to SVRS, they will also need an MFA account. The OSS will set up city MFA accounts to start. Counties will be responsible for managing MFA accounts for their cities.

What if a card is lost or unusable?

If a card is lost or no longer useable, a copy of the existing card or a new card may be created by MFA administrators using the MFA management application.

What if a user is no longer active?

If a user’s log-in is no longer active, the card assigned to that user may be deactivated by an MFA administrator deleting the user’s MFA account in the MFA management application. Deleting an MFA account deactivates the current card.

What if a card is locked out?

Like other OSS applications, MFA will lock out a user and their card if there are too many failed log in attempts. MFA administrators may use the MFA management application to view which accounts are locked, and unlock accounts as needed. No action is required in SVRS for locked cards.

What if a user is locked out of SVRS?

If an SVRS account is locked out for too many failed password attempts, it may still be unlocked using SVRS user management. An SVRS account status is not tied directly to an MFA account status. One may be active while the other is locked. No action is required in the MFA management application for locked SVRS accounts.

Rev. 6/2018 Logging in Using MFA

When logging in to a system with MFA activated, a user will still be instructed to enter their user name and password as normal.

Upon successfully logging in, the user will be instructed to enter three letters or numbers from three different coordinates on their assigned card.

The user will match the coordinates to their assigned card.

And enter the numbers or letters into the corresponding fields.

After correctly entering the letters or numbers requested and clicking submit, the user will be logged into the system.

Rev. 6/2018