Multi-Factor Authentication (MFA) in OpenCCC & CCCApply — Support Summary
What is MFA?
MFA adds a second layer of security to OpenCCC/CCCApply accounts by requiring a one-time security code (sent via email or SMS) in addition to a password. It blocks 99% of automated account takeover attempts.
What users need to apply through CCCApply:
A verified OpenCCC account (verified by email)
At least one MFA method (email or mobile)
Identity verification via CA DMV Wallet, ID.me, or manual verification with their college
Key Workflows
New Account Creation — Users create an account on the CCCApply Sign In page, verify via a 6-digit email code (expires in 10 minutes), optionally add a mobile number as a second factor, complete their profile, and are prompted to verify their identity.
Signing In (Verified Users) — Enter email → enter password → choose MFA method → enter security code → access My Applications.
Signing In (Unverified Users) — Same as above, but users see an additional prompt encouraging identity verification via CA DMV Wallet or ID.me before reaching My Applications.
Adding a Mobile Number — From My Applications → Edit Account, users can add/update a mobile number (Phone Type must be set to "Mobile") to enable SMS-based codes.
Account Recovery Options
| Scenario | Recommended Path |
|---|---|
| Forgot password, still has email access | Use "Forgot your password?" link → receive code → reset password |
| Forgot email and/or password (CA resident) | Use CA DMV Wallet recovery for fastest results |
| Forgot email and/or password (non-CA resident) | Use Manual Recovery to locate account with personal info |
Password requirements: 8+ characters, at least one uppercase, one lowercase, one number, and one special character (!, @, #, $, %, ^, &, *). Cannot contain the user's name.
Common Troubleshooting
Code not arriving (email): Check Spam/Junk folders; whitelist no-reply@cccmypath.org.
Code not arriving (SMS): Confirm cellular signal; VoIP numbers (e.g., Google Voice) may be blocked. Fall back to email.
Code expired: Codes are valid for 10 minutes. Click "Resend Code."
Too many failed attempts: 3 attempts per code, 3 codes per session. After exhausting all, the user is locked out for 48 hours. Recovery via CA DMV Wallet is recommended.
Changed email/phone: Must sign in with existing MFA method first, then update credentials in Edit Account.
Lost access to original email: Use mobile number to sign in, or use "Forgot your password?" self-recovery without entering an email.
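The code limits listed above (10-minute validity, 3 attempts per code, 3 codes per session, 48-hour lockout) can be modelled as a small state machine, which helps support staff predict what a user will see at each step. This is an added illustration, not OpenCCC code: the `MfaSession` class, its return strings, and the choice that an expired code does not count as a failed attempt are assumptions.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

CODE_TTL = 10 * 60          # codes are valid for 10 minutes
ATTEMPTS_PER_CODE = 3       # 3 attempts per code
CODES_PER_SESSION = 3       # 3 codes per session
LOCKOUT = 48 * 60 * 60      # 48-hour lockout once all are exhausted

@dataclass
class MfaSession:
    """Hypothetical per-sign-in state; `now` is epoch seconds."""
    code: Optional[str] = None
    issued_at: float = 0.0
    attempts_left: int = 0
    codes_issued: int = 0
    locked_until: float = 0.0

    def send_code(self, now: float) -> Optional[str]:
        """Issue a 6-digit code ("Resend Code"); None when not permitted."""
        if self.locked_until and now >= self.locked_until:
            self.codes_issued, self.locked_until = 0, 0.0  # lockout served
        if now < self.locked_until or self.codes_issued >= CODES_PER_SESSION:
            return None
        self.code = f"{secrets.randbelow(10**6):06d}"
        self.issued_at, self.attempts_left = now, ATTEMPTS_PER_CODE
        self.codes_issued += 1
        return self.code

    def verify(self, submitted: str, now: float) -> str:
        """Return "ok", "retry", "resend", "expired" or "locked"."""
        if now < self.locked_until:
            return "locked"
        if self.code is None:
            return "resend"
        if now - self.issued_at > CODE_TTL:
            self.code = None  # assumption: expiry is not a failed attempt
            return "expired"
        self.attempts_left -= 1
        if hmac.compare_digest(submitted.encode(), self.code.encode()):
            self.code = None  # a code is single use
            return "ok"
        if self.attempts_left > 0:
            return "retry"
        self.code = None      # this code is burned after its third miss
        if self.codes_issued >= CODES_PER_SESSION:
            self.locked_until = now + LOCKOUT
            return "locked"
        return "resend"
```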
Security Reminders
Never share security codes — support staff will never ask for them.
Receiving an unexpected code means the password may be compromised — change it immediately.
Report unrecognized applications or account activity to CCC Staff Support.
Click here for FAQs and more information on MFA: Multi-Factor Authentication (MFA) in OpenCCC and CCCApply