State of New Jersey SealOFFICIAL SITE OF THE STATE OF NEW JERSEY

Governor Phil Murphy Lt. Governor Tahesha Way
myNewJersey Logo

myNJ Multi-Factor Authentication (MFA) Overview

Multi-factor authentication (MFA) keeps your account more secure because you log in with two "factors": your ID and password, which are "something you know", and a unique code that's displayed on "something you have", such as a mobile phone, or the browser on your computer or tablet. The code will be different each time you log in, so it's called a one-time password or OTP.

MFA options in myNJ

You use MFA when you log in, but first you have to register a second factor. In myNJ, your second factor can be an authenticator app on a mobile phone or tablet, or in your browser. You can also use text messages sent to your mobile phone.

When you add some services to your myNJ account, you'll have to add a second factor during the login process if you haven't registered one already. You can also add or change your second factors after you log in using the MFA section of myNJ's "my account" page.

If myNJ is saying you must register an MFA device, follow these steps

Some services you've added to your myNJ account require you to use MFA. For example, this message may appear when you're signing up for a service:

Image of 'one more step' message during signup when you have a service that requires MFA

myNJ will show this page if you haven't registered a second factor yet, even if the previous message isn't displayed:

Image of second factor choices during login when you have a service that requires MFA

Click or tap the "What is MFA?" and "What are my options?" questions to learn more, and then choose the type of MFA you want to register:

Image of second factor choices and explanations during login when you have a service that requires MFA

Register an authenticator app

Before you start, be sure you've read the additional instructions, including installing your app. Then follow the steps in order:

Image of registering authenticator app during login when you have a service that requires MFA

After you click or tap Verify, myNJ will ask if you want your browser to be remembered at your current location. If you choose Yes, myNJ won't prompt you for a one-time password code if you log in to myNJ again from this location in the next week or two. If you choose No, you'll be prompted to enter a one-time password the next time you log in from here.

Image of registering authenticator app during login when you have a service that requires MFA

Register your mobile number for text messages

Before you start, please note the following about SMS text messages. Message and data rates may apply. Message frequency varies: you'll receive at most one message per login. For our contact information, reply HELP for help. For opt out instructions, reply STOP. Please read our privacy notice. Our terms of service will be displayed when you're registering your mobile number and are also shown below.

Enter your 10-digit number in the input box and click or tap the Send Code button:

Image of registering mobile number for SMS text messages during login when you have a service that requires MFA

A one-time-use code will be sent as a text message to your phone. Enter the code from your phone on this page to verify you have the phone and didn't mistype your number:

Image of entering SMS text message verification code during login when you have a service that requires MFA

After you click or tap Update, myNJ will ask if you want your browser to be remembered at your current location. If you choose Yes, myNJ won't prompt you for a one-time password code if you log in to myNJ again from this location in the next week or two. If you choose No, you'll be prompted to enter a one-time password the next time you log in from here.

Image of registering authenticator app during login when you have a service that requires MFA

Cancelling registration during login

If you're not able to register a second factor right now, you can click or tap Cancel. However, this leaves your account vulnerable to attackers, so read these instructions, get your second factor ready, and log in again to register a device as soon as possible. This message is displayed if you cancel:

Image of second factor cancelled registration

Changing your MFA settings

After you log in to myNJ, find the "my account" link in the menu next to the "Welcome" message. This is the same page you use to update your name, email address, password and challenge question and answer. The MFA section is at the bottom of the "my account" page:

Image of multi-factor authentication section 'my account' page

Click or tap the headings to read more about MFA and the options you have. If you're going to use an authenticator app, be sure to read the additional instructions and watch the videos:

Image of multi-factor authentication description and options on 'my account' page

If you have services on your myNJ account that require MFA, there will be message that says "Mandatory multi-factor authentication":

Image of mandatory multi-factor authentication message on 'my account' page

If none of the services on your myNJ account require MFA, you can still protect your account by opting in. Check the box that says "Use multi-factor authentication on this account":

Image of multi-factor authentication opt-in checkbox on 'my account' page

After you check the box, register your authenticator app, your mobile number, or both using the steps below.

Register an authenticator app

To register an authenticator app, be sure you've read the additional instructions, including installing your app. Then click or tap the "Authenticator apps" heading:

Image of multi-factor authentication authenticator app section on 'my account' page

Click or tap the Add button and a new browser tab will open. Follow the steps in order, from your own "my account" page:

Image of authenticator app registration. Step 1: open your app. Step 2: enter a nickname for the app. Step 3: scan the QR code or click the Copy button and paste the secret into your app. Step 4: read the 6-digit code your app is displaying and enter it on the myNJ page. Step 5: click or tap the Verify button.

After you click or tap the Verify button, myNJ will display a message confirming the authenticator has been added to your account:

Image of confirmation message that authenticator app has been added

After you close the message page, your authenticator app's nickname appears on your "my account" page:

Image of 'my account' page displaying authenticator app nickname

Click or tap the Update button to save your changes and return to your myNJ landing page.


Register your mobile number for text messages

Before you start, please note the following about SMS text messages. Message and data rates may apply. Message frequency varies: you'll receive at most one message per login. For our contact information, reply HELP for help. For opt out instructions, reply STOP. Please read our privacy notice. Our terms of service will be displayed when you're registering your mobile number and are also shown below.

To register your mobile number so you can receive one-time passwords by text message, click or tap the "Text messages" heading to expand the section and show the terms of service:

Image of text message usage legal language on 'my account' page

Enter your 10-digit number in the input box and click or tap the Send Code button. A one-time-use code will be sent as a text message to your phone. You need to enter the code from your phone on this page to verify you have the phone and didn't mistype your number:

Image of entering SMS verification code on 'my account' page

Click or tap the Update button to save your changes and return to your myNJ landing page.


Opting out of MFA

Some services you add to your account will prevent you from opting out of MFA. If you don't have any of those services and you need to opt out in the future, you'll use the same "my account" page described above. Uncheck the box that says "Use multi-factor authentication on this account" and click or tap the Update button. Keep in mind that if you opt out, you'll have significantly less protection for your account against criminals who use social engineering schemes, brute force attacks and other methods to steal your information.

Log in with multi-factor authentication

Once you've registered an authenticator app or mobile number, you'll need to enter a one-time password after you submit your ID and password on the main login page. myNJ will prompt you based on what you've registered.

If you registered an authenticator app and also a mobile number, you'll be prompted for the one-time password from the app, but you can choose to use a text message instead:

Image of one-time password page for an account with an authenticator app and a mobile number

If you registered an authenticator app but no mobile number, the page will be similar to the one above but you won't have an option to receive a text message.

If you registered only a mobile number, or if you clicked "Send me a text message instead" on the page shown above, myNJ will send you a text message and you'll be prompted for the one-time password from the text:

Image of one-time password page for an account with only a mobile number

After you enter your one-time password, myNJ will ask if it should remember your browser:

Image of remember browser at this location page

If you choose Yes, myNJ won't prompt you for a one-time password code if you log in to myNJ again from this location in the next week or two. If you choose No, you'll be prompted to enter a one-time password the next time you log in from here.




Statewide

NJ Logo
Open Public Records Act logo

Copyright © State of New Jersey, 1996-2024

NJOIT logo