TFA TOKENS MUST NOT BE SHARED BY MULTIPLE FSA USER IDS
Do people really have to be told that they can’t share TFA tokens? Seems that way. FSA is “reminding” institutions that TFA tokes used for logging into FSA systems and websites must NOT be shared. According to FSA only one authorized user is permitted per token.
Actually FSA notes that “in most cases, a TFA token that has multiple FSA Users IDs assigned to it is not being shared by multiple users but appears to be, either due to the token being inherited by a new employee, an employee changing his or her name, or other more uncommon situations. The Primary DPA should work with us to determine the best solution for these situations and ensure only one authorized user is registered to each TFA token.”
If ED suspects that users are sharing tokens, they’ll email your institution’s Primary Destination Point Administrator and probably make you order more tokens. ED does caution institutions however, stating that if institutions don’t respond they’ll remove access to FSA systems for affected users.