From 9 May, we’re changing the way you log in to EAPF Online. As part of our commitment to make your online experience at https://portal.eapf.org.uk/ safer, faster, and more efficient.
What is MFA?
Multi Factor Authentication (MFA) is an additional layer of security that's added to the login process.
MFA relies on 2 forms of authentication: something you know, and something you have with you. The something you know is your password. The something you have with you can be a mobile device. This means that even if your password is hacked, your account will remain secure.
The benefits of MFA are:
- Enhanced security
- Better user experience
- No PIN to remember
- Ability to enter a full password rather than random characters
- Works with password managers to remember it
If you’re already registered to EAPF Online:
- If you’re already registered, when you next log in after 11am on 9 May, you’ll see a message banner on your dashboard prompting you to sign up for MFA. If you choose to do this, you’ll be taken to the ‘Change Account Details’ screen.
- We strongly recommend that you sign up to MFA, however, you can skip this if you don’t want to set up the new process.
- If you decide to use MFA, you’ll be presented with 2 different options to confirm your identity – SMS or Authenticator App. Depending on your preferred option, you’ll be sent a passcode via that method.
- The next time you log in, you’ll simply enter your full password and use the passcode from your preferred method (SMS or App) to authenticate. The method of authentication can be changed at any point or reverted back to entering random pin and password characters.
A very small number of users may be asked to change their current EAPF Online username (also known as your 'Login name'). This is because there can't be more than one person with the same online username across the whole Capita Hartlink Online system (which provides the EAPF Online portal and many other pension fund portals). If this applies to you, you’ll automatically be sent to the Change Account Details screen to update it when you log in for the first time after 11am on 9 May using your existing username.
If you’re not registered to EAPF Online:
- When you register, you’ll be asked to create a password, and to choose an authentication method for MFA (by SMS or Authenticator App). Once registered, you’ll be sent a first time PIN number. When you log in for the first time after registration, you’ll be asked to input random characters from your password and PIN.
- The next time you log in, you’ll simply enter your full password and use the passcode from your preferred method (SMS or App) to authenticate.
MFA authentication method – SMS or App?
If you chose SMS, you’ll have 5 mins to log in using the passcode.
If you prefer to use an Authenticator app, your passcode is refreshed automatically every few seconds.
You can download a free app from the Google Play store or Apple store. You can use any Authenticator App that generates temporary codes based on time-based one-time passwords (TOTP). There are lots of free or paid Authenticator Apps to choose from. Widely used free apps include Google Authenticator and Microsoft Authenticator.
You can change your MFA authentication method whenever you wish on the 'Change account details' page when logged into EAPF Online.
MFA authentication if you’re an overseas member
Overseas members with a non-UK mobile number can only use the Authentication app method when signing up for MFA. This is because the SMS method requires a UK mobile number beginning with 07. You can download a free app from the Google Play store or Apple store. There are lots of free or paid Authenticator Apps to choose from. Widely used free apps include Google Authenticator and Microsoft Authenticator.
Why are we doing this?
We’re taking action to further protect our members as Cybercrime continues to rise and as a result it's increasingly important that your personal information and data is protected. MFA is being implemented to do exactly this – by using a widely utilised security tool, to keep your personal data secure and gives access to your pension to interact in the most secure environment.