Skip to main content

 

Cisco Meraki Documentation

Overview and FAQ: Cisco Meraki SMS MFA Deprecation

  1. Last updated
  2. Save as PDF

Frequently Asked Questions

Overview

What is happening?

Cisco Meraki is enhancing the security of Meraki dashboard accounts by moving away from SMS-based Multi-Factor Authentication (MFA). SMS MFA is a method where a one-time code is sent via text message to your phone to verify your identity during login. While convenient, this method has become increasingly vulnerable to modern security threats like SIM-swapping and phishing. To provide stronger, more resilient account protection, Meraki is transitioning all users to Time-based One-Time Passwords (TOTP) generated by authenticator apps. 

This transition will occur in carefully managed phases to minimize disruption. Users will have the flexibility to use any TOTP-compliant authenticator app, although we recommend Duo Mobile. When setting up TOTP, we strongly advise enabling cloud backup for your authenticator app to prevent lockout if your device is lost or damaged. This move aligns Meraki with modern security best practices and provides you with a more robust authentication method. 

Why is SMS-based MFA being removed as an option?

SMS-based MFA is being deprecated to enhance account security and align with industry best practices, driven by the Cisco Security and Trust Organization (STO). SMS is increasingly vulnerable to threats like SIM-swapping, interception, and phishing. Moving to Time-based One-Time Passwords (TOTP) generated by authenticator apps like Duo Mobile or Google Authenticator significantly reduces these risks by ensuring codes are generated locally on your device and are not transmitted over potentially insecure channels.  

When will I no longer be able to use SMS MFA to authenticate?

Please migrate to TOTP before November 17, 2025. If you have not yet migrated by this date, you will be mandated to do so at your next login.  

SMS MFA will be fully deprecated by November 30, 2025. This is when you will no longer be able to use SMS MFA to authenticate.

Can I keep using SMS MFA if I prefer it?

No. For security reasons, SMS MFA will no longer be available after the deprecation date (November 30, 2025). We strongly recommend setting up an authenticator app with cloud backup as soon as possible. 

What happens if I don't switch in time and I get locked out?

If you don't switch in time and get locked out, you should contact Meraki Technical Support. Our Support team will guide you through a secure recovery process to regain access and set up your new MFA method. For more information, please see our documentation on 2FA Recovery

What are the different phases of the SMS MFA deprecation?

The migration will occur in three phases: 

Phase 1: Awareness building (starts on September 22, 2025) 

  • New SMS MFA adoption is discouraged with clear warnings. 

  • If you're currently using SMS MFA, you will see in-product banners, warnings on login, and you will receive email reminders to encourage voluntary migration. 

Phase 2: Forced migration – soft lock (2 weeks, starting November 3, 2025) 

  • After an SMS login, you will be redirected to the TOTP setup wizard before reaching the landing page. 

  • You will have an option to move to a different Meraki dashboard page, but you will be re-prompted at your next login. 

  • Banners and reminders will remain in place. 

Phase 3: Forced migration – hard lock (2 weeks, starting November 17, 2025) 

  • SMS MFA will be fully retired. 

  • After an SMS login attempt, you will be redirected directly to the TOTP setup wizard. 

  • TOTP setup must be completed to proceed. 

Customer Actions

What do I need to do if I'm currently using SMS for MFA?

If you're currently using SMS for MFA, you need to switch to an authenticator app (like Duo Mobile) before November 30, 2025. More information about how to configure Duo Mobile can be found here.  

You can set up TOTP from your "My Profile" page. From an active SMS configuration, you can click "Set up offline access on a mobile device" to start the TOTP setup flow. 

During this flow, once TOTP is verified, a pre-checked box allows you to disable SMS before completing setup. 

What authenticator apps are available?

You can generally use any TOTP-compliant authenticator app. We strongly recommend you set up an authenticator app with cloud backup capabilities for easy account recovery if you lose access to your device, such as Duo Mobile.

Troubleshooting & Support

Why does SMS still appear enabled in the UI after I've disabled it?

Currently, you can appear to have both SMS and TOTP enabled simultaneously, even if only one is active. The system uses the most recently enabled MFA method. If you have set up TOTP, it is your active method, even if SMS still shows as enabled.  

The "Re-enable SMS" button becoming visible is an indicator that SMS is no longer the active method. Be assured that if you have completed TOTP setup, that is your active method. 

Who do I contact if I have additional questions about this deprecation?

Please contact Meraki Technical Support if you have questions or concerns about this deprecation.  

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    How-to
  2. Tags
    This page has no tags.