The FCA have recently announced that, in an effort to ‘strengthen how firms and others log into…systems and to further protect and control access to…data’, it will require multifactor authentication for many of its systems, from 20 January 2023 (16 February for the Electronic Submission System).
These include:
- Connect – from 20 January 2023
- Reg Data – from 20 January 2023
- Online Invoicing (Fees Portal) – from 20 January 2023
- Shared Intelligence Service (SIS) – from 20 January 2023
- Electronic Submission System (ESS) – from 16 February 2023
Multi-factor authentication is a security method that requires the user to provide two or more verification factors to gain access to a system. Single-factor authentication (i.e., just your username and password), whilst useful, is more vulnerable to being guessed through trial and error, or simply stolen. Using multi-factor authentication introduces an additional barrier for potential cyber attacks and provides increased confidence that your personal information is safe.
The regulator has emphasised that existing log-in details will not change and users can continue to use these to access the system as normal. However, following the implementation date for each system, all users will be prompted to turn on multi-factor authentication when logging in. This will require them to enter a one-time passcode (otp) which can be generated from:
- An authenticator app
- A text message
- An automated phone call
If choosing to use an app for authentication, the FCA have recommended the Salesforce Authentication App, as this is the one they can best support with technical advice should any issues arise.
Whilst users of Connect, Reg Data, and the Fees Portal should only have to register once for multi-factor authentication, those who also access ESS or SIS will be required to switch on multi-factor authentication on these systems separately.