Changes coming to the login experience for employers

Starting November 16, we’re updating how we secure account information for you and your employees. And, we’re making it easier for you to log in to

We’re changing how we make sure you are really you

This new security measure is called lots of different things, but in general, 2-factor authentication is probably the most common name. You’ve probably seen it before on other sites. When you log in from an unrecognized computer or mobile phone, we’ll send you a verification code to confirm it’s you. You then enter that code, along with your username and password, to access your account.

We’re simplifying how everybody logs in

You will no longer need to choose a log in type when logging into After the changes take place, you’ll simply click the login button and enter your username and password.

So, what does it really mean to you?

The first time you login after November 16, you will be able to register up to 4 ways to receive verification codes, including text, voice call, business email, or an authenticator app. We will use this information to send you verification codes in certain situations, such as if suspicious activity has been identified, if you forgot your password, or you are logging in from a computer or device you’ve never used to log in before. You choose which method you want to receive a verification code, every time we need to send you one. The best part? The verification codes will replace security questions and answers, as well as the employer access code.

What if I login to personal and employer accounts with the same username and password?

If you login to view personal accounts using the same username/password as your employer account and have already set-up 2-factor authentication previously for personal login, we will provide the option to register the same information for employer accounts, change the information you already registered for, and provide you with 2 new options.

Will I have to set up 2-factor authentication immediately?

Once the changes take place on November 16, it would be ideal to set up your 2-factor authentication immediately, but we understand that you may need time to adjust your business practices. That’s why we’re giving you until the end of the year to get it done. Keep in mind, until you set up 2-factor authentication, we’ll continue to ask for your employer access code when logging in to administer benefits.

The first time you log in after registering for 2-factor authentication, you can choose to “Remember my device for 90 days” on up to 5 different device(s). Once you do this, you can go 90 days before being prompted to enter a verification code again, unless, of course, unusual activity is detected.

Do I need to set up more than one method?

It’s a good idea to register more than one method for receiving your verification code as you go through the set-up process. That way you have a back-up way to get a verification code if your primary method is not available (ie. you forgot your phone at home and you’re trying to reset your password at work).

What is an authenticator app?

An authenticator app is a third-party app that you can download and install on your mobile device or computer. There are a lot out there, and most of them should be compatible with your Principal account. If you’re not sure, we provide a few options to consider below.

  • For mobile: Microsoft Authenticator, Google Authenticator, Authy, or LastPass.
  • For desktop: Authy

What can I do to get ready?

  1. Set up access for everyone that needs to log into the Principal employer website to manage retirement plans and group benefits. For security reasons, you shouldn’t have multiple people sharing one username and password.
  2. If you’re a primary administrator for the account, go to the Manage Security application to get started.
  3. Need help managing security access? Learn how to set up secondary administrators (PDF)
  4. Mark your calendar for the changes coming in mid-November

If you need help setting up appropriate security access for benefit administrators in your office, please contact us:

  • For help with retirement plan accounts, call 877-475-3436
  • For help with group benefit products, call 800-843-1371