Information Technology Services (ITS) has been notified by WSU’s Multi-Factor Authentication (MFA) vendor that SMS (texting) and Voice Call options for MFA will no longer be available to the university after our contract renewal in June 2025.
ITS will share additional updates regarding best methods and any needed training with the WSU community over the coming year.
Although SMS is WSU’s most used security method due to the familiarity this option offers, it poses significant cybersecurity risks as verification codes sent via SMS messages cannot be encrypted and are easily susceptible to theft, interception, or spoofing by cyber attackers.
At this time, ITS encourages all WSU users to adopt Okta Verify as their primary security method for an improved MFA experience ahead of the upcoming changes to SMS and Voice Call capabilities.
Okta Verify: Adopt Early
Ease of Use
As the top security method used by our teams, Okta Verify is a mobile app that allows you to complete MFA within seconds. This app simplifies the MFA process by enabling you to authenticate with a single tap of a push notification, eliminating the need to enter unique codes manually.
Most Reliable MFA Option
Considered to be Okta’s most reliable MFA option, Okta Verify recognizes and confirms your identity through a device that is in your direct possession, ensuring that you can complete MFA swiftly and securely with the confidence that your WSU account remains protected against unauthorized access.
Set Up Okta Verify Now
Okta Verify is available for iOS, iPad, Android, and Windows smartphones or tablets. The app functions over Wi-Fi and does not require a phone number or cell service to facilitate MFA.
Instructions, including video tutorials, for enabling Okta Verify on your smartphone or tablet are available in this WSU Knowledge Base article.
Available Security Methods
ITS is pleased to confirm that a variety of secure authentication options will continue to be supported and available to WSU users following this June 2025 SMS and Voice Call change:
- Okta Verify: Approve a push notification via this mobile app.
- Google Authenticator: View a time-based one-time passcode via this mobile app.
- Biometric Authenticator: Authenticate via fingerprint or facial recognition.
- Security Key: Insert a physical, specialized key into your device to authenticate.
Learn more about how to configure each security method on account.wsu.edu.
Non-Smartphone Alternative for MFA
If you cannot or do not wish to use a mobile app or biometric authentication for MFA, ITS recommends configuring a security key as your primary method for authenticating.
For assistance activating a security key for MFA, please email Crimson Service Desk, contact your local IT support team, or review the security key WSU Knowledge Base article.
ITS is researching additional security methods for WSU users who rely on SMS or Voice Call to complete MFA and cannot or choose not to access a smartphone or tablet. More information will be provided as MFA services at WSU are further discussed.
Reliability Concerns with SMS Verification
With WSU’s authentication system issuing over six million SMS verification codes in a single year, ITS recognizes the significant impact this change will have on thousands of users across the system.
SMS poses significant cybersecurity risks as verification codes sent via SMS messages cannot be encrypted and are easily susceptible to theft, interception, or spoofing by cyber attackers.
SMS requires consistent access to a strong cell network signal to successfully receive the verification code, and issues including poor or no cell service, phone hardware defects, SIM card changes or malfunction, and more will prevent this security method from working effectively.
Due to its reliance on phone company systems and data, SMS messaging functionalities are also almost always the first to fail during an outage or periods of high service demand.
Read more about real-time security problems occurring with SMS for MFA — and why transitioning away from SMS is highly recommended — in any of the following news articles:
- FBI warns about attacks that bypass MFA | ZDNET
- Microsoft urges users to stop using call & SMS-based multi-factor authentication | ZDNET
- T-Mobile, Verizon workers get texts offering $300 for SIM swaps | Bleeping Computer
- How to Protect Against Evolving Phishing Attacks | NSA
- FBI shares tactics of notorious Scattered Spider hacker collective | Bleeping Computer
Communications to Continue
Additional communications regarding the removal of SMS and Voice Call as security methods for MFA will continue over the next year to ensure a smooth transition to a different or new security method for all impacted users.
We Are Here to Help
With MFA set to change across the WSU system, the Crimson Service Desk team is available to help with any questions or bumps in the road.
As we determine our next steps, ITS also welcomes you to share any feedback via email regarding your MFA experience with the SMS, Voice Call, or other available security methods.
Please email crimsonservicedesk@wsu.edu or call 509-335-4357 for any questions or assistance updating your security method settings.