GSA has released the official notice informing users that text message (SMS) and voice call authentication methods will be retired for systems using GSA/Okta authentication.
What is changing:
- SMS (text message) and voice call authentication will no longer be available after February 1, 2026.
- Users will not be able to select or use these methods for multi-factor authentication (MFA) once they are retired.
Why this change is happening (as stated in the notice):
- SMS and voice call methods are being retired due to security risks associated with these authentication options.
- GSA is moving users to more secure authentication methods supported by Okta.
What authentication methods will remain available
Users are encouraged to use one or more of the following:
- Okta Verify
- Google Authenticator
- Email authentication
What users are expected to do:
- Users who currently rely on SMS or voice calls should add at least one alternate authentication method before the retirement date.
- Users can manage and update their authentication methods through their Okta account settings.
What happens if no action is taken:
- Users will not be permanently locked out.
- If a user attempts to log in after February 1, 2026, and only SMS/voice is configured, they will be prompted to set up a new authentication method at that time.
Support guidance:
- If a user loses access to their authentication method (for example, phone change or app removal), they can update or reset MFA options through the system.
- If access issues persist, users should contact the application-specific help desk.