SMS Frequently Asked Questions
What is SMS?
SMS (Short Message Service) is a text messaging service that allows users to send and receive short messages over cellular networks.
Why are we moving away from SMS?
SMS-based Multi-Factor Authentication (MFA) is being phased out due to security concerns. While it provides an extra layer of protection compared to passwords alone, SMS can be vulnerable to threats like SIM swapping, phishing attacks, and message interception. To enhance security, we are transitioning to more secure authentication methods such as Okta Verify and Google Authenticator.
How do I setup MFA on my device?
Please review this knowledge base article in
ServiceNow.
Can I use my personal phone for MFA?
Absolutely! You can use your personal phone to run Okta Verify or Google Authenticator. These apps do not require internet or cellular service once set up, and they do not collect personal data beyond generating authentication codes. They are not subject to public records requests and are public apps anyone can install and use.
Are there any alternatives to using my personal device for MFA?
Yes. If you prefer not to use a personal device there are 2 alternative options:
- A hardware security key
- A USB key (YubiKey) can be issued as an authentication method. These are less convenient to use than an app and still require the same amount of care and protection as any security device.
- Please review our YubiKey User Policy.
- A city-issued mobile device
- If you have the need for a city mobile device, please work with your manager to submit a request to IT.
When will SMS MFA stop working?
After June 30th, SMS MFA will stop working completely. Avoid login issues—make the switch now! Please review this knowledge base article in
ServiceNow.