Two Factor Authentication (TFA) is the security process through which an authorized user is required to enter two forms of "authentication" to access one of our Federal Student Aid (FSA) systems. TFA is required to access the Common Origination and Disbursement (COD) website, Electronic Cohort Default Rate Appeals (eCDR Appeals), FAA Access to CPS Online, FSA Partner Connect, National Student Loan Data System (NSLDS®) Professional Access, Student Aid Internet Gateway (SAIG) Enrollment, and the EDconnect software.
TFA requires each authorized user to log in with an FSA User ID and password as well as provide a security code generated by a registered token device. There are two types of token devices:
-
A physical "key fob" token that is in the physical possession of the user. It generates a security code when the user presses a button on the front of the token.
-
A “soft token” that is an application (app) on the user's mobile device. It automatically generates the security code when the app is opened.
In this announcement, we explain why we recommend use of a soft token and provide updated step-by-step instructions for installing and registering a soft token. In addition, we answer commonly asked questions about switching to a soft token.
Soft Tokens – Recommended for All Users with PDPA Approval
Use of a soft token is optional. However, users who have a compatible mobile device and who have received approval from their Primary Destination Point Administrator (PDPA) are highly encouraged to use the soft token app. A soft token provides the same high level of security as the physical token, while offering greater convenience as there is no additional hardware to carry.
If a user receives approval to transition to a soft token, the PDPA must collect and store the unused physical token.
Step-by-Step Instructions
The first attachment to this announcement (titled “How to Switch from a Physical Token to a Soft Token”) provides updated instructions for transitioning to a soft token. The information is for users who are currently using a physical token to log in to FSA systems and who have received approval from their PDPA to switch to the soft token app.
The second attachment to this announcement (titled “How to Install and Register a TFA Token for New Users”) provides detailed information on both the soft token app and the physical token and is aimed at new users of TFA. We recommend that the document is stored by each institution's PDPA and be provided to staff during the enrollment process.
Note: As a reminder, a user must have an FSA User ID and password prior to registering a token. To obtain an FSA User ID, select the FSA User ID Registration tab on the left side of the SAIG Enrollment website home page, provide identifying information, and follow the remaining registration steps. Once the registration process (which includes password creation) has been completed, including establishing a password, the FSA User ID will be emailed to the user.
Questions and Answers
Q1: What do I need to do to transition to a soft token?
A1: If you have received approval from your PDPA and are ready to transition from a physical token to a soft token, follow the instructions in the first attachment to this announcement, titled "How to Switch from a Physical Token to a Soft Token." The entire process should take no more than 15-20 minutes, and your new soft token will be ready for immediate use.
If you are a new user of TFA, review the information in the second attachment to this announcement, titled "How to Install and Register a TFA Token for New Users," and consult with your institution's PDPA.
Q2: Can I have more than one soft token (e.g., on a phone and on a tablet), or a physical token and a soft token?
A2: No. Each FSA User ID can only be associated with one token (one physical token or one soft token) at a time. When you register your soft token, your physical token will no longer be available for your use.
Q3: What do I do with the physical token, once I have transitioned to the soft token?
A3: You must return the physical token to your institution's PDPA for storage or use by another employee. Do not send the physical token back to FSA.
Q4: Can I switch back to a physical token if I need to?
A4: Yes. You will need to re-register the physical token using the "Replace and Register" option in the TFA self-service menu. Begin by choosing "Register/Maintain Token" from the login screen of the FSA system you need to access and follow the steps. If you need assistance, contact the TFA Support Center at 1-800-330-5947, option 2 or by email at support@aimstfa.ed.gov.
Q5: What if I replace my mobile device?
A5: If you replace your mobile device, you will need to download the VIP Access app and complete the registration steps again.
Q6: What if I update the iOS or operating system on my mobile device?
A6: Updating the operating system should not impact your use of the VIP Access app.
Q7: Is there a cost associated with the soft token?
A7: We recommend using Wi-Fi if possible when downloading the VIP Access app to your mobile device. The app is free; however, carrier charges may apply for download and activation. A mobile data plan with Internet access is required. FSA is not responsible for any data charges incurred when downloading the app. Once activated, using the VIP Access app does not transfer data to or from your mobile device.
Q8: What if I do not have a compatible mobile device?
A8: We will continue to provide physical tokens to users who do not have a compatible mobile device or who cannot use a soft token for other reasons (such as a workplace limit on use of mobile devices).
Contact Information
If you have questions about TFA or the use of a soft token, contact the TFA Support Center at 1-800-330-5947, option 2 or by email at support@aimstfa.ed.gov.
For questions specific to downloading or installing an application on your mobile device, we recommend you contact the manufacturer or vendor of the device.