Member and employer online accounts will be unavailable on Saturday, May 2 between 6:00 a.m. and 8:00 p.m. while enhancements are completed to support added security (Multi-Factor Authentication) to our online systems.
Help with Added Security to Your Employer Account
If you have questions about added security, or you're running into trouble, you'll find answers below. If you don't see your question here, reach out — we're happy to help.
Common Questions
Do I have to set this up right now?
You can choose "Set up later" when prompted to sign in. That said, we encourage you to set it up sooner rather than later. Your account becomes more secure the moment it's enabled.
What if I don't have a smartphone?
You can still use added security. While mobile devices are most commonly used, some authenticator apps work on desktop or laptop computers running Windows, macOS, and Linux. Proton Authenticator is one option that works on a desktop or laptop. You can learn more about choosing an authenticator on Choosing an Authenticator page.
If you need help finding an option that works for your situation, please contact us.
Do I have to use a specific authenticator app?
No. We have recommended a few options but you can choose any authenticator app you prefer. If you already use one for work or other personal accounts, that same app is very likely to work for your PEPP Employer account.
Can I switch to a different authenticator app later?
Yes. You're not locked into one app and can switch at any time.
Does the authenticator app see my account or password?
No. The app doesn't see your username or your password. It only generates a temporary 6-digit code to confirm your identity when you sign in.
If Something Goes Wrong
What happens if I get a new phone or lose my device?
We can help you recover access — you won't lose your account. Contact us and we'll guide you through resetting your added security on a new device.
You can make future device changes easier by turning on the backup feature before you switch devices. Most authenticator apps will then move over automatically. If you do lose access, please contact us and we will assist you.
What if I'm locked out of my account?
Added security automatically blocks access after several incorrect sign-in attempts. If this happens, contact us. We'll verify your identity and help you regain access to your account.
What if my code isn't working?
The 6-digit code changes every 30 seconds, so make sure you're entering the most recent one. If a code expires before you enter it, wait for the next one to appear in your authenticator app.
If your code still isn't working after a few tries, double-check that you're on the correct step in the process. If problems continue, please contact us for support.
Why not use text or email for security codes?
An authenticator app provides stronger protection than text or email codes. Text and email codes can be intercepted through phishing, SIM card swapping, or hacked email accounts — meaning someone else could receive those codes without you knowing.
Authenticator apps work differently. The code is generated right on your device and never travels over the internet.
Why use a third-party app?
Integrating MFA directly into the PEPP Employer online platform would require storing additional sensitive authentication data alongside employer information, increasing the potential risk in the event of a breach.
Using a third-party provider allows us to rely on dedicated security expertise and continuous monitoring, rather than trying to build and maintain that level of protection on our own.
Third-party providers specialize in identity security. Their systems are designed specifically to detect and respond to threats, with continuous monitoring and regular security updates.
The app generates a 6-digit code and nothing more. It doesn't see your pension information, your password, or anything else about your account.
Are you considering other security methods like passkeys?
Yes. We continuously evaluate emerging security technologies as they mature, including passkeys (also known as FIDO2-based authentication) and other passwordless options. Authenticator apps are our current choice because they're built on a mature, open standard that works reliably across every device — phone, tablet, or computer — without requiring employers to have specific hardware or upgrade their technology before they're ready.
When we adopt new security methods, we want to make sure they're reliable, accessible, and built for everyone we serve. We appreciate feedback like this — it helps us make better decisions.
Still Need Help?
If you have a question that isn't answered here, please contact us.