To continue strengthening ICAO’s information security posture, we are introducing Multi-Factor Authentication (MFA) for all Secure Portal accounts. MFA adds an additional security layer and verification step using a one-time password (OTP) sent to your designated ICAO email address. This ensures a more secure login process and protects your account even if the password were ever compromised.

MFA will be activated on: 01 December 2025. No preparation or setup is required on your side.

What is MFA and how does it work?

MFA is a process in which users are prompted during the sign-in process for an additional form of identification, such as a code on their cellphone, from an email or a fingerprint scan. In the event that the password is weak or has been exposed elsewhere, an attacker or unauthorized actor could be using it to gain access. A second form of authentication increases security because this additional factor isn't something that's easy for an attacker to obtain or duplicate.

MFA works by requiring two or more of the following authentication methods:

• Something you know, typically a password.
  
• Something you have, such as a trusted device that's not easily duplicated, like a phone or hardware key or code from an email.
  
• Something you are - biometrics like a fingerprint or face scan.

For the ICAO Secure Portal, the process is as follows:

• Sign in to your Secure Portal account as usual.
• You will receive a one-time password (OTP) by email.
• Enter the OTP when prompted to complete the login.

Please find below a sample email that you will receive after entering your user name and password, 

Sample OTP email:

Upon entering your username and password, the following prompt page, requesting your one-time login code will be presented:

Login page preview:

Need Assistance?

If you experience any issues accessing your Secure Portal account, please contact ICAO Support at ICAOSupport@icao.int