The Federal Housing Administration has implemented new phishing-resistant multi-factor authentication (MFA) for its FHA Connection (FHAC) system. The phishing-resistant MFA is available now to all FHAC users and becomes mandatory beginning July 28, 2025.
Why it’s important: According to FHA INFO 2025-27, published on June 3, this new phishing-resistant MFA security feature is part of FHA’s ongoing commitment to maintaining secure lender, borrower, and stakeholder data while advancing identity management and access control capabilities. This enhancement also helps ensure that login credentials are not shared or exposed to attacks.
Bottom line: It is recommended that users set up and begin using this enhanced security feature as soon as possible. Users who do not implement this new security feature by July 28th will not be able to access FHAC. This requirement does not impact users who connect to FHAC through the Business-to-Government interface.
Instructions for Phishing-Resistant MFA OKTA FASTPASS and FIDO2 Installation
I – STEPS FOR OKTA FASTPASS INSTALLATION (Recommended):
- Download OKTA Verify to your workstation. Several options are below:
  - The installation routine for Windows can be found at: https://okta.hud.gov/api/v1/artifacts/WINDOWS_OKTA_VERIFY/download?releaseChannel=GA&packageType=EXE
  - The installation routine for macOS can be found in the Mac App Store.
  - The installation routine for iOS can be found in the Apple App Store.
  - The installation routine for Android can be found in Google Play.
- Run the installer, select the checkbox to agree to the License terms and conditions, then click the Install button.
- Once the installation is complete, click the Finish button.
- From the Windows Start menu, open OKTA Verify.
- Click Get Started.
- Select Next at the “How it works” screen.
- In New Account, enter “okta.hud.gov” and choose Next.
- Log into OKTA with your user ID, password, and code. Set OKTA FastPass as your default in the new OKTA Verify browser.
You are now set up with OKTA FastPass. Next, take the following steps:
- Log into FHA Connection.
- Sign in using OKTA FastPass.
- OKTA Verify will ask you if you are trying to sign in.
- Select “Yes, it’s me”.
- You have now successfully entered FHA Connection using Phishing-Resistant MFA (OKTA FastPass).
II – STEPS FOR FIDO2 AUTHENTICATION FACTOR INSTALLATION WITHIN THE OKTA PORTAL (Requires Windows Hello or Mac/Linux equivalent):
- Go to the FHA Connection home page (https://entp.hud.gov/clas/index.cfm) and click OKTA Setup.
- Log into OKTA using the same user ID/Password/Factor used when logging into FHA Connection.
- Click on your name at the top left corner of the screen and then select “Settings” (located on the right side of the screen).
- Once in Settings, select Set Up for “Security Key or Biometric Authenticator”.
- After you select Set Up, you will be prompted to log into FHA Connection.
- Once you log in, you will be prompted to enter your FIDO2 PIN. This will have been established when you set up FIDO2 on your workstation.
- You have now successfully entered FHA Connection using Phishing-Resistant MFA (FIDO2).
Please note that you will need to allow FIDO2, an industry standard, to be turned on at your workstation. The Windows implementation of FIDO2 is Windows Hello. Mac and Linux also have implementations of FIDO2. If you choose FIDO2, your organization will be responsible for any configuration changes to your workstation to allow FIDO2.