Determining your primary and secondary methods of multi-factor authentication (MFA)

Alerts and notices

Your firm's security plan should include the use of multi-factor authentication (MFA) to help protect your firm and client data. Implementing MFA adds an additional layer of security that helps ensure that only your staff and clients have access to sensitive financial and personal information.

Creating a security plan

If you haven't already developed a written security plan at your firm, the following resources can help you create an approach that protects both your clients and your firm.

Implementing MFA in your firm

To determine how to implement MFA in your firm, review the recommended methods and additional options to see which method best fits your firm's needs. We recommend the Thomson Reuters Authenticator mobile app as it's the only method that sends push notifications to your mobile device when you log in, which enables one-touch access to your software applications. We also support third-party authenticator apps (such as Google Authenticator) for firms that are already using MFA via another software vendor, though those apps require you to manually enter generated codes rather than tapping a push notification on your mobile device. 

For more details on the available MFA methods, see Choosing a multi-factor authentication option.

Choosing primary and secondary (backup) methods for MFA

When implementing MFA, determine a primary method that you and your firm's staff will use as your everyday authentication option, as well as a secondary method that you'll use as a backup in case your primary method is unavailable. Our recommended methods are displayed in bold below.

Note: Thomson Reuters Authenticator display cards are physical devices that generate MFA codes which you enter when logging in to your software. For more information, see Learning about multi-factor authentication devices.

MFA methods

Your primary method should be easily available and fit in to your daily workflow. For this reason, we recommend the Thomson Reuters Authenticator app as it provides the fastest access to your software via the app's push notifications. 

Your secondary method should be reliable and clearly established in your firm's security plan. Because this backup method is intended to supplement your primary method, it must be clearly understood within your firm and easy to access. We recommend the emergency codes because they're available to everyone via their account profiles. For details, see Generating your own emergency codes for MFA.

Regardless of the primary and secondary methods you select, everyone in your firm should generate a batch of emergency codes and store them in a safe place so they don't get locked out of their accounts or software.