EPFO Introduces 2-Factor OTP Authentication on Employer Portal: A Guide to Changing the Mobile Number on the EPF Portal

The Employees' Provident Fund Organisation (EPFO) has recently implemented 2-factor authentication (2FA) on its Employer Portal, adding a crucial layer of security by requiring a One-Time Password (OTP) sent to the registered mobile number for login. While this enhances security, it also raises the need to update mobile numbers promptly in case of changes or loss.

How to Change Your Registered Mobile Number (With Existing Access)

  1. Log in to the EPF Employer Portal: Enter your credentials to access your account.
  2. Navigate to Profile Settings: Under the 'Profile' section, go to 'Establishment.'
  3. Update Mobile Number: Input the new mobile number and click save. An OTP will be sent to the new number for verification.
  4. Verify OTP: Enter the OTP received on your new number to complete the update.

Steps to Change Mobile Number If You've Lost Access to the Registered Number

  1. Visit the EPFO Employer Portal: Go to the EPFO Employer Portal.
  2. Click on 'Forgot Password': In the login section, choose the 'Forgot Password' option.
  3. Generate Request Letter: Click on the “Generate request letter in case of loss of registered mobile number” link.
  4. Fill Out the Form: Complete the form by selecting “Register for new request letter” and submit it.
  5. Download the Request Letter: If you've already generated the request letter, you can download it by filling in the “Print registered request letter” form.
  6. Submit the Request Letter at the EPFO Field Office: Print the request letter and visit the EPFO field office for verification. Once verified, login credentials will be sent to the new mobile number.

Note: The new mobile number will be used only for receiving login credentials. To update the mobile number officially in your EPFO records, use the credentials to log in and update it on the portal.

Suggested Changes to Implementation of 2-Factor Authentication for EPFO Portal (For EPFO and Ministry of Labour and Employment)

Consequences of OTP on a Single Mobile Number

  1. Potential Avoidance by Owners: Owners might avoid using their personal mobile numbers, leading to updates with employee numbers, which could prevent EPFO from directly contacting the owner.
  2. Missed Important Communications: Notices, payment reminders, and inspections might not reach the owner in a timely manner.
  3. Security Risks: Critical information may be delayed or missed, potentially compromising security.

Suggested Solutions

Option 1: Allow Multiple Users with Roles - Employers should be able to create multiple user accounts within the EPFO portal, each with its own registered mobile number for receiving OTPs.

Option 2: Increase Login Session Time - Extend the login session duration to 24 hours or implement a "remember system" for 30-60 days to reduce the need for frequent OTPs.

Option 3: Backup OTP Methods on Email - Implement backup OTP methods, such as email OTPs or alternate numbers, to ensure continuity in case of issues with the primary mobile number.

Option 4: Opt-Out Option for 2FA - Employers could have the option to opt out of 2FA for each login, with a declaration that they assume responsibility for any fraudulent activity resulting from their login.

These changes would not only improve the user experience but also maintain the necessary security for handling sensitive EPFO information.

All employers, consultants, HR professionals, and accounts teams are encouraged to send a request email to minoffice-mole@nic.in and cpfc@epfindia.gov.in with the subject line "Request for Removal of OTP-Based Two-Factor Authentication on EPFO Employer Portal." In the email body, please describe the specific challenges or issues you are facing due to this new update.