1. What is Multi-Factor Authentication (MFA)?
 MFA is a security measure that requires two or more verification methods to gain access to an account. This adds an extra layer of protection beyond just a username and password.  


2.  How do I set up MFA in WHOPRS?

  • Step 1: Log in to your WHOPRS account. Enter your Username and Password. This will trigger a verification email to be sent to your email linked to your user account. If you did not receive the verification email follow the troubleshooting recommendations below.
  • Click Change User Email on the login page. Enter your username and password. A new screen will pop up. If the email is not correct put in the new email and click Save.  The verification email will be sent to the new email address on file.  If the email is correct, you can click Back.
  • If the email is correct, check spam. 
  • If the email is not in your spam and it is a company email address, maybe the email is getting blocked.  Click Change User Email on the login page. Change the email to a personal email address just to see if you are receiving the email.  If you are, then you need to contact your IT to help you unblock the WHOPRS email address dmawhoprs@widma.gov.
  • If you are still not getting the email after trying all these recommendations, submit a ticket to the WHOPRS Helpdesk and we will help you get in.
  • Step 2: Click on the link in the verification email in order to verify your user account.
  • Step 3: Login by entering your Username and Password. This will trigger the email with the One-Time Password (OTP).
  • Step 4: Enter the 6 digit OTP in the pop up window.  The OTP expires after 10 minutes.  If your session times out after 10 minutes you can click the Resend OTP to trigger a new OTP or you can try logging in again to trigger a new OTP.
  • Step 5: When logging in for the first time, you will be brought to the Update User Profile Page.  You will need to change your Password Hint Question and Answers and click Save.


3. Why is my OTP not working?

  • Check the expiration: The OTP expires after 10 minutes. Ensure you’re entering it before it times out.
  • Correct code: Double-check that you’ve entered the code exactly as received, without any extra spaces or characters.  If copy and paste is not working,   type in the code into the screen. 
  • Most recent code: If you triggered a new OTP, ensure you are using the most recent email with the most recent OTP code.


4.  How often do I need to verify my identity with MFA?
 You will be required to enter the OTP every 90 days or each time you log in from a new browser or location.


5. What if I share user accounts?
 If users are sharing a user account, they will not be able to complete the login process without fulfilling the MFA requirments.  Each user can use the "Change User Email" link on the login page to change the email on the account to their own in order to complete the login process.