Overview
The university's single sign-on (SSO) and multi-factor authentication (MFA) provider, Okta, announced that the SMS (text message) and Voice Call options for MFA and account recovery would no longer be offered. In light of these changes, we have put together a comprehensive timeline below as a resource while we navigate this transition.
At this time, Technology Services encourages all campus community members to adopt Okta Verify as their primary security method for an improved MFA experience ahead of the upcoming retirement of SMS and Voice Call.
Timeline
Starting June 10, 2025, the university discontinued the option for new users to set up the telephony-based security methods, SMS or Voice Call. Existing users were still able to use those methods to verify their login until October 31, 2025.
All users will be unable to use SMS or Voice Call as a security method to log in starting 8:00 a.m. on October 31, 2025. If you do not have a supported security method configured by that date, you will encounter difficulties accessing your university account and will need to contact the Service Desk at 253-879-8585 for assistance.
To allow for prompt support response times, Technology Services plans to remove the SMS and Voice Call MFA options in phases starting October 1, 2025. You can expect additional outreach and communication at least a week prior to when these options will be removed for you.
On the following dates, you will be prompted upon login to configure a supported security method if SMS and/or Voice Call were the only methods set up for your account. Please take note of when the change will affect you based on your affiliation with the university.
- October 1 - staff and administrative partners
- October 15 - faculty, faculty emeriti, and academic partners
- October 29 - students
IMPORTANT - You must configure a supported security method before October 31 to ensure uninterrupted access to your account. After October 31, you will need to contact the Service Desk for assistance if you are unable to log in.
Supported Security Methods
If you only have the Phone (SMS or Voice Call) security method enabled for your account, we strongly recommend setting up at least one supported security method as soon as possible. To do so, go to login.pugetsound.edu, click your name in the upper-right corner, click Settings, then click Set up next to the security method of your choice and follow the prompts.
The following security methods for MFA will continue to be supported. Please follow the links for detailed instructions on how to set it up.
Technology Services recommends Okta Verify for MFA due to its reliability and ease. Okta Verify is a mobile app available for smartphones and tablets. This app simplifies the MFA process by enabling you to quickly verify your login with a single tap of a push notification, eliminating the need for you to manually enter a code. You can respond to push notifications over Wi-Fi. The app does not require a phone number or cell service to function. Once configured for your account, the app also generates codes you can use to log in even if your mobile device has no Internet access.
If you cannot use a mobile app for MFA, Technology Services will have a limited number of hardware security keys available for faculty and staff upon special request. Please submit a service request if you require one. Users requesting a hardware security key will be issued one hardware device. Additional hardware keys can be purchased through The Logger Store.
Challenges with SMS verification
Technology Services recognizes that SMS is the most popular security method for campus community members. With the high usage of SMS for MFA, we understand the significant impact this change will have. The university strives to adapt its security measures to align with best practices. SMS is inherently insecure because messages cannot be encrypted. Verification codes sent via SMS are thus vulnerable to theft or interception. With the prevalence of MFA, attackers commonly phish for verification codes with social engineering.
In addition to security risks, SMS requires consistent access to a strong cellular network signal to successfully receive the verification code. Due to its reliance on phone company systems and data, SMS messaging functionality tends to fail early on during an outage or period of high service demand. In areas with poor or no cell service, this security method will not work effectively, preventing you from being able to log in to your university account.
Communication and support
Additional communications regarding the removal of SMS and Voice Call as security methods for MFA will continue over the next weeks to ensure a smooth transition to a supported security method for all impacted users. We encourage you to set up a supported security method and remove the phone security method as soon as possible. If you encounter difficulties or have questions about your use case, please submit a service request.
You can also email servicedesk@pugetsound.edu, call 253-879-8585, or visit the Tech Center in the lower level of the Collins Memorial Library, Monday through Friday, 8 a.m. - 5 p.m.