My DOR Multi-Factor Authentication (MFA)

DOR has an additional security measure to safeguard your account information. This enhancement, known as multi-factor authentication (MFA), provides an extra layer of protection beyond your user ID and password.

 

What is Multi-Factor Authentication?

MFA is a security feature that requires users to verify their identity with more than just a username and password. Banks and many other organizations require MFA to protect unauthorized users from accessing customer accounts.

How does MFA work?

When you log on to your My DOR account, update your SAW profile, or register as a new user, you will be required to complete the multi-factor authentication process. An authentication code will be immediately sent to the verified email address or mobile phone number registered in your account. Upon receipt, you simply submit the code to proceed to your account.

Multi-Factor Authentication challenge when accessing My DOR

 

If you receive a Multi-Factor Authentication challenge when logging into My DOR, registering as a new user, or resetting your password, complete the following steps.

  1. On the Multi-Factor Authentication Choose Method page select how you would like to receive your verification code. An authentication code is then sent to the source you selected.
  2. On the Multi-Factor Authentication Enter Code page, either enter or copy and paste the authentication code you received and click Submit.
  3. On the Multi-Factor Authentication Remember Device? page, select the checkbox next to Yes, remember my device to reduce how often you receive MFA challenges. This is not recommended if you are using a shared or public device.
  4. Click Submit to complete the MFA challenge and go to the My DOR Services page.

Multi-Factor Authentication challenge when updating your SAW profile

 

If you receive a Multi-Factor Authentication challenge when updating your SAW profile complete the following steps.

  1. On the Multi-Factor Authentication Choose Method page select how you would like to receive your verification code. An authentication code is then sent to the source you selected.
  2. On the Multi-Factor Authentication Enter Code page, either enter or copy and paste the authentication code you received and click Submit.
Adding Contact Options for Multi-Factor Authentication codes from Secure Access Washington (SAW)
 

You can add options to receive authentication codes using additional email addresses, mobile phone numbers, or using an authenticator application.

  1. On secureaccess.wa.gov enter your Username and Password, then click Submit.
  2. Click the Account button. 
  3. Click the Profile button.
  1. The Manage Your Profile screen displays. Under Additional Contact Information for Security, you can add options to receive authentication codes.
  • To add an additional email address, type it in the Additional Email Address field. If you don’t see the Additional Email Address field, click Add Another Email. You can add up to three additional email addresses.
  • To add an additional mobile phone number, type it in the Mobile Phone Number field. If you don’t see the Mobile Phone Number field, click Add Another Phone Number. You can add up to three mobile phone numbers.
  • To add an authenticator, click the Set Up Authenticator link, follow the instructions, and then click either I’m Done Scanning or Cancel And Go Back to return the Manage Your Profile screen.

    NOTE: The system will automatically assume you successfully have setup the authenticator once on this page. Make sure to follow all the steps provided.
     
  1. Click Update.
  2. Click Close.

The next time you receive a Multi-Factor Authentication challenge, the email addresses and phone numbers you added will be available as options to receive an authentication code.

Frequently Asked Questions

What if I don’t receive an email with a Multi-Factor Authentication code?

What if I don’t receive a text message with a Multi-Factor Authentication code?

What if I don’t have access to my email or mobile phone number to receive a code?

Why should I add a mobile phone number or an additional email address for authentication?

Why wasn’t my device remembered?