Tab/Accordion Items

Multifactor authentication, sometimes known as two-factor authentication, is a security enhancement that adds another layer of security to your online account beyond your username and password. It combines two or more methods (or factors) of authentication from independent categories of credentials to verify your identity for a login or other transaction.

Government entities are a prime target of cybercriminals and hackers looking to steal data or even cripple government infrastructure, which is critical in providing services to the people of North Carolina. Combined with practicing good cybersecurity habits when checking email and using the internet, MFA increases the security of your accounts and state data, even if your password is hacked.

You must authenticate each time you are prompted to log in to an application using MFA.

Let’s say you have authenticated to your application using MFA. As long as the session is active, you will not be prompted for MFA again. When your session expires, you will be prompted to log in again along with the MFA.

MFA enrollment is not used for accessing the MyNCID Portal. You will be prompted to use MFA only when you are access a North Carolina government application that requires MFA. You can learn more about your MFA enrollment as well as modify it the your MyNCID account on the MyNCID Portal.

Verification MethodHow It WorksAdditional Details
EmailThe system sends a one-time password as an email to the email address you have registered. This one-time password is a six-digit code. You will need to enter this code to complete the authentication process.The one-time password is only valid for 10 minutes.
Text MessageThe system sends a one-time password as a text message to the mobile phone number you have registered. This one-time password is a six-digit code. You will need to enter this code to complete the authentication process.The one-time password is only valid for 10 minutes.
Voice CallThe system calls you on the mobile phone number you have registered and will provide a one-time password over the phone. This one-time password is a six-digit code. You will need to enter this code to complete the authentication process.The phone call will repeat the one-time password three times. The password is only valid for 10 minutes.
Authenticator AppThe system prompts you to authenticate your login on the MyNCID Authenticator app on your mobile device.This is the most secure method.

  1. Log in to the MyNCID Portal. If you do not have a MyNCID account, you must first register on the portal.
  2. You will be taken to your profile page after successfully logging in.
  3. Select the MFA tab.
  4. Select the Add Enrollment button. This will allow you to choose from one of the MFA authentication options (i.e., email, text message, voice call, authenticator app).

  1. Log in to the MyNCID Portal.
  2. You will be taken to your Profile page after successfully logging in.
  3. Select the MFA tab. You will see your existing MFA enrollment options.
  4. Select the Add Enrollment button. This will allow you to choose from one of the MFA authentication options (i.e., email, text message, voice call, authenticator app).

  1. Log in to the MyNCID Portal.
  2. You will be taken to your Profile page after successfully logging in.
  3. Select the MFA tab.
  4. Select the Delete icon present on the existing enrollment. (You cannot delete the default enrollment.)

If you do not have your phone with you, authenticating using your secondary (or backup) authentication method. If the backup method is not available, log in to the MyNCID Portal and change your MFA authentication method.

  1. Log in to the MyNCID Portal.
  2. You will be taken to your Profile page after successfully logging in.
  3. Select the MFA tab to access your existing MFA enrollment options.
    • If you see that only the Authenticator app is enrolled, add Email as another MFA method and set Email as your default. This is required before removing the old authenticator tied to your lost phone.
    • If Email is already enrolled, simply set Email as your default MFA method. Then, proceed to remove the old authenticator.
    • Once Email is set as the default, remove the old authenticator that was linked to your lost phone.
  4. Set up a new Authenticator app on your new phone.
  5. Make the new Authenticator app your default MFA method, if you prefer.
  6. Select the Add Enrollment button. 

Notes: 

  • We recommend always setting up email as one of your MFA methods, along with other options, such as text message, voice call or authenticator app. Having email as a backup MFA method ensures you have access through a different device or channel if your phone is lost, stolen, or not working. This extra layer gives you a reliable way to recover your account and avoid being locked out.
  • As a best practice, use one method tied to your phone (such as the authenticator app or text message or voice call) and one method you can access separately (such as email on a laptop or tablet).

  1. Install the Simeio Authenticator app on your smart device.
  2. Open the mobile authenticator app and choose the + at the top right of the screen.
  3. If you are enrolling the authenticator app for the first time, select Scan QR code to scan the QR code displayed on the screen.
  4. If you are already enrolled and authenticating in the application, you will receive a new authentication request in the mobile app that prompts you to approve or deny the request.
  5. You will be authenticated in the application after approving via the authenticator app. 

  1. Log in to the application that requires MFA.
  2. When prompted for MFA, select the Alternate MFA Options.
  3. Choose any of the enrolled MFA options.
  4. If your preferred MFA option is not listed, you need to log in to the MyNCID Portal.
  5. You will be taken to your Profile page after successfully logging in.
  6. Select the MFA tab to access your existing MFA enrollment options.
  7. Select the Add Enrollment button. This will allow you to choose from one of the MFA authentication options (i.e., email, text message, voice call, authenticator app) and set them as a default.
Off