Multi-factor authentication frequently asked questions

 

Why is SFM introducing multi-factor authentication?

Multi-factor authentication helps keep your data more secure. It adds a layer of protection to prevent hackers from gaining access to your account.

 

What is multi-factor authentication?

Systems with multi-factor authentication require users to enter a combination of two or more authenticators (such as a password and a code sent via text message) to log in. This adds security because even if one authenticator is compromised, hackers still will not be able to gain access without the other one.

 

Which SFM websites are affected?

This change affects SFM Agency Manager (SAM), CompOnline, Claim Connection, Provider Connection and the payment portal.

 

When will you start requiring multi-factor authentication?

We’re rolling out multi-factor authentication gradually, so each SFM website will have a different start date. CompOnline was the first website to launch, and SFM Agency Manager (SAM) will be next. Agents can begin signing up for multi-factor authentication on March 14, 2024. For each website, users will start receiving notices two months before multi-factor authentication is required via email, and when they log in.

 

How will it work?

Periodically when you log in, after you’ve entered your username and password you’ll be asked to:

  • Choose a mobile number or email address where we can send your verification code, from those we have on file.
  • Enter the verification code sent to you via email or text.

You’ll be prompted to do this every 30 days. You’ll also be prompted when you switch to a different browser or device, or clear your cookies.

 

What are my options to receive the verification code?

You can receive the verification code via email or text message. We’ll ask you to enter and verify two methods of contact (either an email address and a mobile number, or two email addresses) so that you can still log in if your preferred method is unavailable.

 

How often will I have to enter a verification code?

You’ll be prompted to enter a verification code to log in every 30 days. You’ll also be prompted to enter the code when you switch to a different device or web browser, or clear your cookies.

 

Do I need to set up multi-factor authentication?

Yes. You can complete the setup process anytime during the two months leading up to the launch date. You’ll receive an email notifying you when the setup period begins, and you’ll be given the option to complete the process each time you log in during that period.

During the setup process, you’ll be asked to:

  1. Confirm that your email address on file is correct or make corrections if necessary.
  2. Enter a verification code sent to your email address.
  3. Confirm your mobile number is correct if we have it on file, or otherwise enter your mobile number.
  4. Enter a verification code sent via text to your mobile number.

If you prefer not to enter a mobile number, you’ll have the option to enter and verify a second email address instead. We highly recommend having either a mobile number or backup email address on file so that you don’t get locked out of your account if for some reason you can’t access your primary email address.

 

When do I have to set up multi-factor authentication?

You’ll have the opportunity to set up multi-factor authentication starting two months before the date multi-factor authentication is required for the website you use (SAM, CompOnline, etc.). When you log in, you’ll have the option to go through the setup process, and you’ll continue to get this option each time you log in until you’ve completed it.

If you haven’t completed the setup process by the date multi-factor authentication is required, you’ll have to do so the next time you log in. We recommend completing the setup process as soon as you can to make sure you don’t get interrupted at an inconvenient time.

 

Why should I provide a mobile number or backup email?

There are a number of reasons why you might not be able to access your primary email inbox, and we don’t want you to get locked out of your SFM account if that happens. We ask for either a mobile number or second email address so you can still receive your verification code in the event your primary email inbox isn’t accessible.

 

What if I don’t have a mobile number, or prefer not to enter it?

When we ask for your mobile number, we’ll give you the option to specify that it is not to be used for anything other than multi-factor authentication. If you’ve selected this option, SFM employees will not be able to see your mobile number. If you still prefer not to enter a mobile number, you will have the option to enter a second email address as a backup contact method instead.

 

What if I didn’t receive the email with my verification code?

Please first check your spam filter. If you find the code there, please add customer_service@sfmic.com as a contact or add us to your safe sender list so that future verification codes go to your email inbox. If you’re not sure how to do this, please contact your information technology support staff for help.

 

I’ve been using someone else’s account, and I need to get my own. How do I do that?

If you use SFM Agency Manager (SAM) or CompOnline, and your organization has a SAM or CompOnline administrator, they can easily set up a user account for you. If you do not have an administrator or need to use a different system, visit the account registration page on sfmic.com to register. (Self-insured customers will need to register for an account.)

 

What if I have multiple SFM accounts?

You will need to set up multi-factor authentication separately for each account. You’ll be prompted to enter a verification code to log in every 30 days for each account, and whenever you switch to a different device or web browser, or clear your cookies.