Why Using an Authenticator App Is the Most Secure Way for Plan Administrators to Access myHSA

Written by Paige Fehr
Updated over 2 weeks ago

At myHSA, the security of your company's and employees' data is paramount. As a plan administrator, you are accessing sensitive financial and health-related information—and ensuring that only you can access that information is a big deal. That's why we strongly recommend using an authenticator app as your method of multi-factor authentication (MFA) over traditional options like text message or email.

Beginning April 21, 2026, Plan Administrators will have the option to set up an authenticator app connection for their Plan Admin account. This optional period will run until July 2, 2026, at which time setting it up will become mandatory.

1. Authenticator Apps Are Resistant to Phishing

Text and email MFA rely on delivery channels where messages can be intercepted or redirected. If a bad actor gains access to your email or convinces your phone provider to port your number (a technique called SIM swapping), they can get your MFA codes and compromise your account.

Authenticator apps like Google Authenticator, Authy, or Microsoft Authenticator, on the other hand, generate time-based codes on your device, so no code is sent to you over a vulnerable network. This makes them far less susceptible to phishing or social engineering attacks.


2. No Waiting, No Delays

Have you ever waited several seconds (or minutes) for a code to arrive via text or email? Worse—have you had to refresh your inbox multiple times only to realize the code expired?

Authenticator apps generate codes instantly, even without cell service or internet access. That means faster logins and fewer frustrations when you're working on the go or in a low-signal area.


3. Better Protection Against Account Takeover

Email accounts are one of the most commonly targeted entry points in a cyberattack. If your email is compromised and you use it for MFA, your myHSA account becomes a lot more vulnerable.

An authenticator app breaks that chain. Even if your email is breached, the attacker would still need physical access to your phone to get the login code. That additional layer of protection significantly reduces the risk of an account takeover.


4. It’s Easy to Set Up

We get it—change can feel like a hassle! But setting up an authenticator app is quick, simple, and only takes a minute or two. It's also industry standard amongst top data-secure apps and websites. Once it’s set up, logging in becomes second nature. The benefits in terms of peace of mind and protection far outweigh the effort.


5. Regulatory & Ethical Best Practice

As a plan administrator, you're not just accessing your own data—you’re managing data on behalf of your company and your employees. Using the most secure login method isn't just good cyber hygiene—it's part of your ethical responsibility to safeguard that information.

Using an authenticator app aligns with industry best practices for secure access to sensitive platforms and demonstrates your commitment to protecting employee data.


6. Consider Your Reputation

Consider your business: if an account were hacked and company and employee information were exposed—putting someone in a potentially dangerous situation—your entire operation could be at risk.



Questions? Please reach out to support@getmyhsa.com or start a live chat with our team!