Once installed, the Microsoft Authenticator App is the easiest and quickest method for authentication. When prompted, you’ll get an instant notification on your phone which you simply tap to approve. That’s it!

In addition, use of the app helps PEMCO provide quicker support if issues arise, plus it allows for account backup within the app, so when you get a new mobile device it's quick and easy to restore your access.

"I really prefer using the Microsoft Authenticator App – it’s easier and faster than some of the log-in processes other carriers are using,” said Erica Baker of A&M Insurance Services, one of our early testers. “When you log in to PEMCO with the app, you get a simple pop-up on your cell phone. You just tap ‘yes’ to confirm it’s you logging in, and you’re done in less than a minute!"

No. The app will never ask nor otherwise seek to gain access to any information on your phone. It’s simply a lightweight and secure way for our system to verify that you are who you say you are.

Be sure to download and install the Microsoft Authenticator app. The MS app will not cost anything to install/use, and will never include ads or in-app purchases. In some cases, the Microsoft Authenticator app may not be the top result when you search the app store.

Yes. Before starting the enrollment process, be sure you are signed in to your PEMCO account.
Here’s how

Possibly. If you're using a password management tool such as RoboForm or LastPass and running into an access issue, check your settings in the tool. Verify that your password is current/correct, and that the PEMCO Agent site URL is set to https://pemcoins.sharepoint.com/sites/pemcoagents.

Upon completion of your enrollment, you should receive a success notification like this:

If you don’t see a notification, or if at any time you wish to check your enrollment status, you can access your security settings at https://mfa.pemco.com/. This window will list your registered authentication methods.

You may authenticate via a live phone call to your office phone. Note that if you are on an active call while using this method, you will need to briefly put that call on hold to complete authentication.

Reminder: In most circumstances, PEMCO requires you to authenticate every 90 days, so while this method may cause a brief disruption to your work, it is only required four times a year.

No. PEMCO has made the decision to apply multi-factor authentication when accessing our resources and is partnering with one of the primary players in the cyber-security industry. Based on their research and expertise, they have deemed email as a method that is NOT secure enough to deliver the second factor of authentication required for access.

A few reasons why this is the case:

• Email accounts have been hacked
• Not all email vendors provide the same level of security for access requirements
• Most email vendors can be simultaneously accessed from multiple devices and locations

Therefore, email does not prove to be a valid second form of authentication.

Our security partner has allowed authentication via the Microsoft authenticator app, (which provides the ability for passwordless authentication and push notifications), a phone call, or text messaging.

We’re confident these methods will provide our agents with the ability to quickly and securely access PEMCO resources. If there are further questions, please contact your territory manager.

No. Desktop authenticators have been proven insecure. Read one recent example

Yes. While PEMCO recommends the Microsoft Authenticator app, you may opt to use an app you already have on your phone. Note that unlike the Microsoft app which requires only a tap each time you authenticate, a third-party app will require an additional step: the app will generate a temporary code, which you will need to manually enter.

To register a third-party authenticator app, start at your PEMCO 365 account configuration page: https://mfa.pemco.com.
Select Add method. In the popup that opens, DO NOT select Next. Instead, select I want to use a different authenticator app:

Follow the instructions to add your PEMCO account to your third-party app.

No. Our security partner has allowed authentication via the Microsoft authenticator app, (which provides the ability for passwordless authentication and push notifications), a phone call, or text messaging.

We’re confident these methods will provide our agents with the ability to quickly and securely access PEMCO resources. If there are further questions, please contact your territory manager.

In most circumstances, you will only be required to authenticate once every 90 days. If you access your account from a different device or physical location, or attempt to update your security settings, you may be asked to authenticate inside of the typical 90-day period.

In most circumstances, you will only be asked to authenticate once every 90 days. For added security, you will receive additional notification within 90 days in these instances:

• Every time you access your Microsoft account security settings (where you register your phone or the authenticator app or make changes to your information)
• The first time you sign into the PEMCO Agent Website from a different IP address (for example, if you normally sign in from your agency location, but occasionally you sign in from your home). Once you sign in to the PEMCO Agent Website from a new IP address, you won’t be prompted for multi-factor authentication again for 90 days.

Yes, but only at first. As a security measure, the system will detect sign-ins from different geographic locations and may require re-authentication at each new location. The system will quickly learn that travel is normal for you and will determine that you no longer need to re-authenticate at every new location.

Yes. Any time you clear your browser cookies, you will need to re-authenticate and the 90-day timer will begin again.