MFA Comes to Electronic Filing

The golden age of logging into websites with just a plain old username and password is slowly coming to an end. Nowadays, you often need to have your phone nearby if you want to log in, so you can add a third form of authentication to your login request, typically in the form of a numeric code sent as a text message or received by an authentication app.

This year, the U.S. Courts are beginning to require this credentials juggling act. The technical term for it is multi-factor authentication (MFA) and for attorneys who use PACER and CM/ECF (the federal courts’ electronic filing system) it means that in addition to your password, you’ll need a 6-digit code generated by an authenticator app.

Recommended Authentication Apps

The courts don’t mandate one app, but they recommend several options, and fortunately, they are all free. The recommendations are listed below. We focus on the first three due to simplicity and familiarity.

• Microsoft Authenticator – You may already have this installed on your phone or computer, especially if you already use Outlook or Word.
• Authy – Great if you want backup and the ability to use codes on multiple devices.
• Google Authenticator – Simple, no-frills, and again, you might already be using it since Google remains omnipresent in day-to-day online activities.
• Duo Mobile – Often used by larger firms with IT support.
• FreeOTP – Open-source and more private, but no backup if you lose your phone.

For most, the Microsoft or Google Authenticator is the easiest and most reliable choice.

What if you lose/replace your Phone?

Once you have tied your authentication app to your PACER account, it becomes something akin to a set of keys, so if you don’t plan ahead, “losing your keys” can lock you out of PACER. The good news: the three apps we discuss (Microsoft, Google, Authy) all offer cloud backup, so you can move your MFA codes to a new device. Although this might mean creating yet another account to manage, it’s worth it to get back up and running quickly. Here’s how each works:

• Microsoft Authenticator
• Sign in with your Microsoft account (the same one you may already use for Outlook, Word, or OneDrive).
• Once signed in, Authenticator automatically backs up your MFA entries to your Microsoft account.
• On a new phone, just sign back into that account, and your codes will be restored.

• Google Authenticator
• Link the app to your Google account (the same one you may already use for Gmail or GDrive).
• Turn on “Sync with Google Account” inside the app.
• When you get a new phone, signing into your Google account restores your codes.

• Authy
• Register Authy with your phone number and (optionally) an Authy account.
• Codes are encrypted and synced across devices (phone + desktop).
• On a new device, install Authy, verify your number, and your codes appear.

Don’t Forget Backup Codes

Even if you set up cloud backup, it’s smart to generate PACER backup codes. These one-time use codes can get you back in quickly if something goes wrong with your phone or your account. Pacer will give you a list of codes, and you can use each one once to get into your account, even without an authentication app. If you use them all, you can request more.

Technically, you could skip apps altogether and just use the codes, but the app offers better security and convenience. If you do generate codes, store them securely. Think of them as spare keys you don’t want to lose or let someone else find.

RECAP: Download an authenticator app, enable cloud backup, and enroll with PACER. Generate some backup codes and keep them in a safe place. Welcome to the latest authentication juggling act!