Multi-factor authentication overview

Alerts and notices

What is multi-factor authentication?

Multi-factor authentication provides an additional layer of security that helps protect your firm's confidential data. Many of your online accounts or software applications are currently protected by a login and password. That password is the single factor in the authentication process — the way that those applications or services confirm your identity. 

Multi-factor authentication adds at least one more layer of identity verification to that process so your protection against hacking and fraud attempts is stronger and more secure than a simple password. That additional layer can take many forms, such as a physical ID card, a digital confirmation code, or even your fingerprint. You're using multi-factor authentication every time you pay a transaction using a debit card or withdraw cash from an ATM: your debit card is one factor and your PIN is another.

Enabling multi-factor authentication for your login credentials

You can implement multi-factor authentication for your Thomson Reuters ID and/or NetFirm CS account.  See the appropriate article below to enable MFA for your CS Professional Suite accounts.


  • To use multi-factor authentication with your NetStaff CS account and your Thomson Reuters ID, you must pair each account with your device separately.
  • To log in to your CS Professional Suite applications with multi-factor authentication, you must enable MFA for the account you use to sign in with. If you are unsure which account this is, see Logging in to CS Professional Suite applications.

Once enabled, how will MFA work with my account?

With MFA enabled for you account, you approve sign in attempts using a separate mobile device and the Thomson Reuters Authenticator or another TOTP-compliant mobile app. An example of what this may look like for you is as follows:

  1. Download the Thomson Reuters Authenticator mobile app on your mobile device.
  2. During the steps to enable MFA for your account, you will scan a QR code that pairs you mobile device and account.
  3. The next time you log in to an application or use your account to sign in to our website, you will receive a notice on your mobile device from the mobile app.
  4. Validate you are the person attempting to sign in by approving the request on your mobile device. If you receive a message like this on your device, and are not attempting to sign in, you can reject the request to deny access.

Related topics

Internal notes

When an admin user cannot log in using multi-factor authentication, we can assist them in obtaining a temporary code. For details, see the following: