In most circumstances, you will only be required to authenticate once every 90 days. If you access your account from a different device or physical location, or attempt to update your security settings, you may be asked to authenticate inside of the typical 90-day period.

No. PEMCO has made the decision to apply multi-factor authentication when accessing our resources and is partnering with one of the primary players in the cyber-security industry. Based on their research and expertise, they have deemed email as a method that is NOT secure enough to deliver the second factor of authentication required for access.

A few reasons why this is the case:

• Email accounts have been hacked
• Not all email vendors provide the same level of security for access requirements
• Most email vendors can be simultaneously accessed from multiple devices and locations

Therefore, email does not prove to be a valid second form of authentication.

Our security partner has allowed authentication via the Microsoft authenticator app, (which provides the ability for passwordless authentication and push notifications), a phone call, or text messaging.

We're confident these methods will provide our agents with the ability to quickly and securely access PEMCO resources. If there are further questions, please contactyour territory manager.

Yes. While PEMCO recommends the Microsoft Authenticator app, you may opt to use an app you already have on your phone. Note that unlike the Microsoft app which requires only a tap each time you authenticate, a third-party app will require an additional step: the app will generate a temporary code, which you will need to manually enter.

To register a third-party authenticator app, start at your PEMCO 365 account configuration page: https://mfa.pemco.com. Select Add method. In the popup that opens, DO NOT select Next. Instead, select I want to use a different authenticator app:

Follow the instructions to add your PEMCO account to your third-party app.

You may authenticate via a live phone call to your office phone. Note that if you are on an active call while using this method, you will need to briefly put that call on hold to complete authentication.

MFA setup instructions for phone

Reminder: In most circumstances, PEMCO requires you to authenticate every 90 days, so while this method may cause a brief disruption to your work, it is only required four times a year.

In most circumstances, you will only be asked to authenticate once every 90 days. For added security, you will receive additional notification within 90 days in these instances:

• Every time you access your Microsoft account security settings (where you register your phone or the authenticator app or make changes to your information)
• The first time you sign into the PEMCO Agent Website from a different IP address (for example, if you normally sign in from your agency location, but occasionally you sign in from your home). Once you sign in to the PEMCO Agent Website from a new IP address, you won’t be prompted for multi-factor authentication again for 90 days.

Yes, but only at first. As a security measure, the system will detect sign-ins from different geographic locations and may require re-authentication at each new location. The system will quickly learn that travel is normal for you and will determine that you no longer need to re-authenticate at every new location.

No. Desktop authenticators have been proven insecure. Read one recent example.