Two-factor authentication (2FA) or Multifactor authentication (MFA)
Two-factor authentication protects sensitive information by adding an additional layer of security beyond passwords. This change enhances security for personal and organization data. This meets new laws and regulatory standards. The change is being released in phases, however 2FA can be opted into early.
Will I be affected by two-factor authentication?
We require all non-federated users (including insurance professionals and policyholders) to use multiple-factor authentication (2FA) by 30 June 2025. This change helps you meet legal requirements and secure your and your customers’ information.
Users must use 2FA to sign in to the following applications:
Allyne | PropX | XactContents |
Benchmark | Pruvan | XactContents Professional |
ClaimXperience | Respond | Xactimate X1 (desktop) |
ContentsTrack | Respond MAP | Xactimate online |
Direct Supplier | Time and Materials | XactPRM |
Inspection Manager | XactAnalysis | XactRebuild |
OneXperience | XactInsights | XactRemodel |
PlaCrd | XactAnalysis QR | XactRestore |
Property Preservation Wizard (PPW) | XactAnalysis SP |
Opt into 2FA early
Set up email authentication
Caution: Once authentication is setup, you cannot opt out or return to legacy 2FA if you were previously using it. Once an email is entered, the email feature may not be deactivated, however other options, such as text messaging and authenticator apps can be enabled.
- In the Verisk Identity Server, select SET UP next to Email. This assigns the email address on the account as the 2FA email address.
Note: By default, the Xactware ID (XID) is used as the email address for 2FA. Users can choose to use a different email address but cannot remove the email requirement.
- Enter the code you were emailed.
- Select Close.
Set up text messages
- In the Verisk Identity Server, select the SET UP button next to Text message.
- Enter your Mobile phone number.
Note: The mobile number entered here does not change the phone number on your account, it is only used for the 2FA. To update your phone number on your account, see our Xactware ID: Create, manage and change or forgot password document for assistance.
- Select RECEIVE A CODE VIA SMS.
- Enter the code received via text message in the Enter code field.
Note: Note: If you do not receive a text message, select resend code? to try again.
- Select Verify.
Set up authenticator app
Note: Note: The instructions below use Google Authenticator as an example, however the Microsoft Authenticator, Authy, 1Password, or LastPass Authenticator can be used as well. Okta Verify and Duo Mobile are not compatible.
iOS
- Within the App Store, search for Google Authenticator.
- Select Get.
Note: Users may have to enter a password or use Face ID to download the app.
- Select Open.
- Log in to Google Authenticator with your Google account information. You can also proceed without an account.
Android
- Within the Google Play store, search for Google Authenticator.
- Select Install.
- When installation is complete, select Open.
- Log in to Google Authenticator with your Google account information. You can also proceed without an account.
Set up authenticator app in Account Settings
Note: The steps below assume you are using the Google Authenticator app on iOS. The steps may vary slightly if you are using an Android device or different app. To remove an authenticator app, select remove instead of set up.
- In the Verisk Identity Server, select the SET UP button next to Authenticator app. This will open a popup with a QR code which will be used in a later step.
- Within the Google Authenticator app on your mobile device, select the add button.
- Select Scan a QR code.
- Use the app on your mobile device to scan the QR code which was opened in step 1.
- After you scan the code, select Next in your browser.
- Enter the code from the Google Authenticator app into the Enter code field.
- Select Verify.
Setup 2FA after mandatory rollout
If you have not set up 2FA before the required date, when you log into your program, you will be presented with the MF 2FA A setup. The steps below show signing into XactAnalysis, however this experience may vary slightly depending on which program you are signing into.
- Enter your password.
- Click LOG IN.
- Enter the code emailed to you in the Enter a code field.
Click go to app to continue into your selected program or click go to account settings to setup text message or an authenticator app using the steps in the above sections.
Important reminders about the login experience
- Account holders are challenged with 2FAwhen they log in. If all three 2FAoptions are set up, the user can choose which one they want to use to sign in.
- Account holders can remove and reset optional security methods (text message and authenticator app) in Account Settings. However, email authentication is required and cannot be removed.
- Once users are set up in the new 2FAsystem, they cannot return to the legacy two-step authentication or opt out of 2FA.
- Security questions are no longer part of the login experience.