Multi-Factor Authentication (MFA)

LiteBlue uses multi-factor authentication (MFA) to confirm it’s really you signing in. After MFA is enabled, you’ll enter your EIN and password, then complete a second step—like approving a push notification, entering a one-time code, or using a passkey.

What is LiteBlue MFA?

MFA is an extra security layer that helps protect your account even if someone knows your password. When you sign in, LiteBlue may ask you to:

  • approve a prompt in an app (push notification),
  • enter a time-based 6-digit code, or
  • use a passkey/security key (biometric or hardware key).

Before you start

  • Plan to finish setup in one sitting. Many users have about 15 minutes to complete MFA setup after signing in. If time runs out, the system may sign you out and send you back to the start.
  • Use the device you’ll normally use for LiteBlue (especially if you’re setting up app-based verification).
  • Keep your EIN, password, and verification codes private. Never share one-time codes with anyone.

How to set up MFA on your LiteBlue account

1) Start sign-in

  1. Open LiteBlue in your browser (phone or computer).
  2. Select Sign In.

2) Enter your EIN and password

  1. Enter your Employee Identification Number (EIN) and continue.
  2. Enter your password (or a temporary password if you were issued one), then confirm/verify.

3) Update your password (if prompted)

  1. If the system requires a password change, create a new password that meets the on-screen rules and submit it.

4) Confirm identity (if prompted)

  1. You may be asked for the last 4 digits of your SSN. Enter it and continue.

5) Pick your primary MFA method

  1. Choose a security method and complete setup. You must set up at least one method.

6) Add a backup method (recommended)

  1. After your first method is active, add a second method if available. A backup is helpful if you change phones or lose access to a number/app.

7) Create a security question

  1. Set a security question and answer if prompted. If it doesn’t appear during your first login, it may be required the next time you sign in.

Once complete, your account is ready. On future logins, you’ll use the MFA method(s) you configured.

Choose an MFA method (what to use)

If you’re not sure which option to pick:

  • Okta Verify (push/code): Fast and convenient. Push approval is easy.
  • Google Authenticator: Reliable 6-digit codes, works well as a backup.
  • SMS text: Simple, but can be delayed by carriers and may be less reliable while traveling.
  • Voice call: Useful if you can’t receive texts.
  • Passkey/Security key: Strong security using biometrics or hardware keys (best when supported by your device).

Set up each MFA method

Okta Verify (push notification or code)

  1. Install Okta Verify from your phone’s app store.
  2. Open the app and start setup (often Get StartedAdd Account).
  3. On the LiteBlue MFA screen, choose Okta Verify and begin setup.
  4. When prompted, allow camera access and scan the QR code shown on your computer.
  5. Turn on push notifications if offered (commonly the preferred option).
  6. Optional: enable Face ID/biometric unlock in the app (not required).
  7. Finish setup and confirm it works (you may receive a test prompt).

Google Authenticator (6-digit code)

  1. Install Google Authenticator from your phone’s app store.
  2. Open the app and choose Scan a QR code (or similar option).
  3. On LiteBlue USPS, select Google Authenticator and start setup.
  4. Scan the QR code using the Authenticator app.
  5. The app will generate a 6-digit code. Enter the code on LiteBlue and confirm to complete setup.

Phone (SMS text message)

  1. Choose Phone as your method and select SMS.
  2. Enter a phone number that can receive text messages.
  3. Request a code, enter the code you receive, then confirm/verify.

Phone (Voice call)

  1. Choose Phone as your method and select Voice call.
  2. Enter a phone number where you can answer a call.
  3. Request the call, enter the 6-digit code that is read to you, then confirm/verify.

Passkey / Security key (biometric authenticator)

  1. Choose Security Key / Biometric Authenticator (Passkey).
  2. Select the option to use a phone, tablet, or security key.
  3. Scan the QR code (if shown) and follow the on-device prompts.
  4. Save the passkey and complete verification to finish setup.

How to sign in after MFA is set up

  1. Open LiteBlue and select Sign In.
  2. Enter your EIN and password.
  3. Complete the MFA step based on your method:
  • Okta Verify: approve the push notification, or open the app and enter the code.
  • Google Authenticator: open the app and enter the current 6-digit code.
  • SMS: enter the 6-digit code from the text message.
  • Voice call: answer the call and enter the code provided.
  • Passkey/security key: approve the biometric/security key prompt.

Transfer Okta Verify to a new phone

If you changed phones, you’ll typically need to add Okta Verify again on the new device.

General approach:

  1. Sign in to your USPS login/security settings page (using your usual credentials).
  2. Complete verification using an available method.
  3. Find Okta Verify under security methods and choose the option to set it up on another device (wording can vary).
  4. On your old phone (if you still have it), open Okta Verify and look for an option like add/transfer account to another device.
  5. Follow the prompts to complete the move and confirm the new phone works.

If you no longer have the old phone or can’t access any verification method, you may need official support help to regain access.

Quick fixes for common MFA problems

Code not arriving (SMS)

  • Wait a minute and request a new code (avoid rapid repeats).
  • Confirm the phone number is correct.
  • Try switching to another method (authenticator app or voice call) if available.
  • Restart your phone and ensure you have signal.

Push notification not showing (Okta Verify)

  • Make sure notifications are allowed for Okta Verify.
  • Open Okta Verify directly—many apps show the code inside even if push is off.
  • Check “Do Not Disturb” or battery saver settings.

Wrong/expired code

  • Codes refresh quickly. Enter the newest code and submit right away.
  • Make sure your phone time is set to automatic (authenticator apps can fail with incorrect device time).

Login loop or page won’t load

  • Clear browser cache/cookies or try a private/incognito window.
  • Try a different browser or device.
  • Avoid public Wi-Fi if the page behaves oddly.

New phone number or lost device

  • Use a backup method if you added one.
  • If you can’t access any method, you may need to use official USPS support channels to recover access.

FAQs

Do I need more than one MFA method?

You must set up at least one. Adding a second method is strongly recommended.

Which MFA method is best?

App-based methods (Okta Verify or Google Authenticator) are often more reliable than SMS, especially if texts are delayed.

Why did the setup time out?

If you don’t complete setup within the allowed session time (often around 15 minutes), the system may sign you out for security.

Can I use LiteBlue on a different device after setup?

Yes, but you’ll still need your MFA method available (your phone/app/passkey) to sign in.

What should I do if I can’t access any MFA method?

If you can’t use a backup method and can’t verify, you’ll likely need to follow official USPS recovery/support steps.