In accordance with EDGAR Next, the SEC requires enhanced identity verification and multi-factor authentication (MFA) in order for filers to obtain account access. The time-based one-time password (TOTP) Secret Key is a common component of authentication used to satisfy those MFA requirements. The TOTP Secret Key is a unique, alphanumeric seed string by which both the SEC’s EDGAR system and a filer’s authentication app (for example, Google Authenticator or Microsoft Authenticator) generate the same 6-digit Code simultaneously. The TOTP Secret Key generates the TOTP Code, a secure, 6-digit Code generated by an authenticator app that changes every thirty seconds.
The majority of filers choose to add a cell phone or other authenticator device to login.gov. This additional phone or device may be used with GoFiler without any additional effort. When a filer attempts to use a feature in GoFiler that requires accessing login.gov, GoFiler will prompt the filer to provide the 6-digit Code, and they can enter it from their phone or authentication device. However, the process may be facilitated further by adding GoFiler as an actual authentication app. Doing so would allow GoFiler to generate its own 6-digit Codes based on the TOTP Secret Key. This would eliminate the need for a third-party authenticator, such as a phone, to automate functions including “Send to EDGARLink Online” or “Download User Token”.
Be mindful that there is a limit of two authenticators on login.gov currently. This means if a filer has multiple cell phones or authenticators set up, one will have to be removed before GoFiler may be added.
Setting up the TOTP Secret Key
- Enter username and password to begin setting up the TOTP Secret Key.
- Locate the TOTP Secret Code clicking on the following link: https://secure.login.gov/account
- On the Authentication Apps, choose "Add app".
- Give the Authentication App a nickname (such as “GoFiler”), and click “Copy” in Section 3, below the QR Code.
- Go to the Application Preferences > EDGAR > EDGAR Next Section. If you see red text in that tab with the message: “NOTE: These settings are being controlled by the EDGAR Next Credential Manager. Use Set EDGAR Next Credentials to update the manager”, instead, go to the "Set EDGAR Next User Credentials" in the Preferences dropdown and paste the Code in the TOTP Secret field there. If you do NOT see that red text warning, paste the Code in the TOTP Secret field of the EDGAR Next section in Application Preferences.
- Take the TOTP Code which appeared in the GoFiler Screen, and enter that into the login.gov screen.
- Click "Submit" in Filer Management and "OK" in GoFiler.
- Restart GoFiler.
Information Safety Tips for TOTP Secret Key Users:
- Refrain from storing or emailing the TOTP Secret Key in plain text.
- Protect and treat the TOTP Secret Key as if it were a password, because an individual who inadvertently obtains access to the TOTP Secret Key also would have the ability to generate valid login Codes.
- Regenerate the TOTP Secret Key right away should it be compromised. If the TOTP secret is exposed, an individual (who also has access to the filer’s password) would have the ability to bypass MFA.
- Set up an individual TOTP Secret Key for each authorized member of a team that shares filing responsibilities to ensure proper access control and maintain integrity
For further information, please feel free to contact our technical support team at (585) 424-1700 or e-mail to support@novaworkssoftware.com.