In this article:
- Resetting your password
- Multi-Factor Authentication (MFA) by email
- Multi-Factor Authentication (MFA) by text message
- Multi-Factor Authentication (MFA) by authenticator app
- FAQs: Multi-Factor Authentication (MFA)
1. Visit the Compass+ login page https://tools.careersandenterprise.co.uk/oauth/login/plus.
Click on the 'I have forgot my credentials option':
2. A modal will pop up asking you to enter the email address you have previously signed in with. Enter your email address and click send. A password recovery email will be sent to you:
3. An email titled “Password recovery for [users email address] will be sent to you. In the email click on the 'Reset your password' link:
4. Once clicked, you’ll be redirected to a page asking you to confirm your email address and to choose a new password. Once you have chosen your new password, click 'Reset password':
5. A confirmation will be shown saying “your password has been reset”. Now you can login with the newly set password.
We have increased our Compass+ log-in security to now include Multi-Factor Authentication (MFA). MFA is an industry standard security enhancement that will defend Compass+ accounts against hacking attempts.
MFA replaces the requirement where Compass+ users were automatically prompted to update their password after 90-days.
Users will be automatically enrolled in MFA and will only be required to go through the MFA process if their login attempt is considered a risk. For instance, a login has a higher risk factor than usual if the attempted log-in is from:
- A new device
- A new IP address
- A new geographical location.
Each login attempt will automatically be assessed against these and other factors. The vast majority of logins will not be deemed a risk.
If a login triggers MFA, you will see a pop-up window asking you to enter a numerical code:
To verify your identity, you must enter a six-digit code into the box provided, which will be emailed to you (you have 3 minutes to do this before the code expires):
Enter the code into the pop-up window to complete your Compass+ login.
If you do not use the code within 3 minutes, you can choose to verify your identity by text message instead. To do this, click on the link provided:
Note: once you have verified your identity by email for the first time, you will also have the option of using MFA by text or my authenticator app (see below).
MFA by text message
Follow the steps above to verify your identify for the first time by email. If you wish to change to verifying your identify by text message, click on the ‘Click here to set up your mobile phone number’ link. A pop-up window will ask you to enter some details, including your mobile phone number:
Enter your details and click on the ‘Set up’ button. You will receive a code by text message and will be asked to enter it into the box provided:
You will be then taken back to the Compass+ login screen, where a message at the top of the screen will confirm that your MFA choice has been updated:
The next time you log-in with your email address and password, a code will be sent to your mobile phone, and you will be asked to enter this into the box provided:
You can choose to switch MFA by text message on or off by visiting the 'My profile & Settings' section of Compass+. Firstly, click on ‘My profile & Settings’ to the top-right of the screen:
Then select the Multi-Factor Authentication tab:
Click on the ‘Text message authentication’ slider and a pop-up window will ask you if you wish to set up MFA by text message (if you are choosing it for the first time):
Click on ‘Continue’ and enter your mobile phone number:
You will be then sent a code by text message, and asked to enter it in the box provided:
Click on ‘Authenticate’ and a pop-up window will confirm that authentication of your phone number is complete:
If you then wish in the future to turn MFA by text message on or off, you can do so by using the slider provided.
Using an authenticator app for MFA
If you would be prefer to use an authenticator app for MFA, you can update your MFA settings in the 'My profile & Settings' section of Compass+ once you have logged in. Firstly, click on ‘My profile & Settings’ to the top-right of the screen:
Click on the third tab: Multi-Factor Authentication:
Select ‘App Authentication’ from the slider at the bottom of the screen:
A pop-up window will notify you that you need a smartphone to continue, and be ready to use an authenticator app such as Google Authenticator or Microsoft Authenticator. When you are ready to proceed, select ‘Continue’:
You will then be asked to scan a QR code (if you cannot scan the code, you can enter the text provided below it). Once you have scanned/entered the code, your authenticator app will show a six-digit code that you need to enter in to the field provided in the pop-up window to verify your setup:
Once you have completed this, another pop-up window will confirm that you have been successful:
MFA has now been set up to use your authenticator app:
If you wish to switch off app authentication, you can do so by moving the ‘App authentication’ slider back to the left. A pop-up window will ask you to confirm that you want to proceed, and enter a code that has been emailed to you:
Question: I am a Compass+ user. Do I need to do anything now to update my login details to take account of MFA?
Answer: No. All Compass+ users will automatically have MFA applied to their accounts, and you will only be asked to change your password if your login is deemed a risk (see above).
Question: Should I still change my password every 90 days?
Answer: Although the requirement for Compass + users to change passwords every 90 days has been removed, users are still able to change their passwords every 90 days if they so wish – or as frequently as they need to.