Multi-Factor Authentication at Nasdaq Signin

Multi-Factor Authentication ("MFA") protects your account by requiring additional authentication next to your username and password. For details of MFA you can watch the Training Video. It's 18 minutes that cover everything on this, and more.

Table of Contents

Available MFA methods

  • Google Authenticator (and compatible)
  • Okta Verify
  • Phone (SMS / Voice OTP, limited availability)
  • Yubikey / Windows Hello / WebAuthn (and compatible)

Google Authenticator (and compatible)

  • What is it?
    Google Authenticator is a term covering a wide range of applications implementing the "TOTP" standard of creating time-based ("T") One-Time Passwords ("OTP"). Nasdaq Signin supports the official Google Authenticator apps on Google Play and Apple App Store, but many other applications capable of scanning the QR Code or entering the "shared secret" may work just as well.
  • How to set it up?
    You can set up this factor during initial enrollment. If you want to enroll it later, you can do it as well: In your Enduser settings unlock your profile with the "Edit Profile" button. Scroll down to "Extra verification" and click the "Set up" button next to "Google Authenticator".
    Step descriptionScreenshot
    Initially you'll see a short description of the upcoming activity and a representation of the "Google Authenticator" factor. Click on "Setup" to begin.
    Select the type of device you want to run Google Authenticator on. Selecting "iPhone" will bring up a link to Google Authenticator on the Apple App Store, selecting "Android" will bring up a link to Google Play. The rest of the enrollment is identical.
    After installing the application, open it and click on the "+" icon in the lower right corner (design may vary) and tap on "Scan barcode". Your camera will open up to scan the QR code on screen. A message will notify you when the scan was successful. If you can not scan the QR code, please click on "Can't scan?" and go to the next step.
    If you successfully scanned the QR code in the step before, you can skip this step.
    If you can't scan the barcode, you can instead click on the "+" icon in the lower right corner and select "Enter a setup key" instead. In the upcoming form, enter an Account name (ie: Nasdaq Signin), enter the key displayed (in this example: QBQ3ET7IPICQYOAQ) and for "Type of key" select "Time based".
    Finally, to verify your setup was successful, input the current code displayed in the Google Authenticator application into the form and click "Verify". If the code is correct, setup will be complete and you can use Google Authenticator for authentication in the future.

Okta Verify

  • What is it?
    Okta Verify is a proprietary app available on Google Play and Apple App Store. It offers an easier to use authentication through Push Messages instead of reading and entering a 6-digit code as Google Authenticator does. Tapping on "Yes" or "No" on the phone's screen completes the login.
  • How to set it up?
    Step descriptionScreenshot
    Initially you'll see a short description of the upcoming activity and a representation of the "Okta Verify" factor. Click on "Setup" to begin.
    Select the type of device you want to run Okta Verify on. Selecting "iPhone" will bring up a link to Okta Verify on the Apple App Store, selecting "Android" will bring up a link to Google Play. The rest of the enrollment is identical.
    After installing the application, open it and click on the "+" icon in the upper right corner (design may vary) and tap on "Other", then on "Scan a QR code". Your camera will open up to scan the QR code on screen. A message will notify you when the scan was successful. If you can not scan the QR code, please click on "Can't scan?" and go to the next step. If you successfully scanned the QR code, your enrollment is complete.
    If you successfully scanned the QR code in the step before, you can skip this step.
    If you can't scan the QR code, you can have the enrollment link sent to you by SMS (enter your phone number), email (enter your email address that you can open on your phone) or enter the secret key manually. The last option will disable push notifications for logins, which will reduce functionality of Okta Verify to that of Google Authenticator.

Phone (SMS / Voice OTP, limited availability)

  • What is it?
    The Phone factor combines the former "SMS" and "Voice OTP" factor into a single enrollment.
    SMS is one of the most ubiquitous and, unfortunately, most insecure methods of Multi-Factor Authentication. Instead of an application on your phone generating a 6-digit code, a code is sent to your phone by text message.
    Voice OTP is the least secure of the available methods. Nasdaq Signin will call your phone and a robot voice reads you a 6-digit code.
    The Phone factor is available only for very few applications, and we recommend setting up at least one other factor beside this.
  • How to set it up?
    Step descriptionScreenshot
    Initially you'll see a short description of the upcoming activity and a representation of the "Phone" factor. Click on "Set up" to begin.
    Select your country and enter your phone number (without the country code). You can opt to verify the phone number either by receiving an SMS code (you must be able to receive text messages on that number) or by receiving a Voice call (you must be able to receive phone calls on that number). To get a verification code click on "Receive a code via SMS" or "Receive a code via voice call", depending on your choice.
    A new input field will appear. Enter the code sent to you by SMS or voice call in that field and click on "Verify" to complete the enrollment.

Yubikey / Windows Hello / WebAuthn (and compatible)

  • What is it?
    The "WebAuthn" method uses a hardware token (usually a USB stick) to authenticate you. Other options may use a face scan by camera or a fingerprint reader. This option is very specific to your hardware and as such individual instructions for setup and usage should be obtained from your specific device.
    This example will go through enrollment of a USB Yubikey device.
  • How to set it up?
    Step descriptionScreenshot
    Initially you'll see a short description of the upcoming activity and a representation of the "Security Key" factor. Click on "Setup" to begin, or "Setup another" if you already have a security key enrolled. You can have multiple keys enrolled and ready to use at the same time, but only one will be required for authentication.
    Many devices supporting the "WebAuthn" protocol can be used for authentication: Yubikeys, Windows Hello, Browser plugins for government IDs, some fingerprint readers and more. The prompt will vary depending on the solution you choose. Start the enrollment by clicking on "Enroll".
    After starting the enrollment, Firefox may ask you if you want to provide the Model of your device to Nasdaq Signin. You can choose to allow or decline that, either will work. If you allow it, your profile will show the model information, but if you decline it it will simply read "Authenticator". Actual authentication will not be impacted.
    After making a choice, your USB key will start flashing. Click on the button to finish the enrollment.

© 2022, Nasdaq, Inc. All Rights Reserved.