Multi-Factor Authentication (MFA) in OpenCCC and CCCApply (Pilot Draft)
To protect your personal data, the OpenCCC/CCCApply system uses Multi-Factor Authentication (MFA). This means that even if someone steals your password, they cannot access your account without the unique security code sent directly to your private email account or mobile device.
Passwords are no longer enough [to protect our account security] because cybercriminals use automated tools and AI to steal them at scale. Multi-Factor Authentication (MFA) stops these attacks in their tracks by requiring a second layer of defense—like a code on your phone or a facial scan. Because it blocks 99% of automated account takeover attempts, global security agencies, insurance companies, and compliance regulations now recognize MFA as the mandatory foundation of modern identity protection.
Contents
- 1 Creating A New Account Using MFA
- 2 Sign In With MFA - Verified User (Happy Path)
- 3 Sign In with MFA - Unverified User
- 4 Adding a Second Method of Authentication (Mobile Number)
- 5 Setting Your Preferred Method of Contact
- 6 Recovering Your Password
- 7 Recovering Your Account with California DMV
- 8 Recovering Your Account Manually
- 9 Troubleshooting & FAQs
Creating A New Account Using MFA
Account creation begins on the CCCApply Sign In page.
Note: If you have submitted a CCCApply application in the past, you most likely have an OpenCCC account. Skip to Using MFA with an Existing Account to learn about the ways MFA will be used in the sign in process and account recovery.
Step 1: Navigate to the CCCApply Sign In Page
Start at CCCApply.org and navigate to the college of your choice. Click their “Apply” link.
Click the Create An Account link below the Email or mobile phone input field. The Create Your Account page appears.
Pilot Testing: Navigate to the Pilot environment URL: https://test.opencccapply.net/gateway/apply?cccMisCode=ZZ1
Step 2: Enter & Verify Your Email Address
On the Create Your Account page, enter a unique email address and click Email My Security Code. The Verify Your Account page appears.
Retrieve the security code from your email Inbox and enter it on the Verify Your Account page.
You have 10 minutes to enter the correct code and click the Verify Email button before the code expires. If the code expires, click the Resend email link to get another code.
Didn’t receive your security code? If you don’t find your security code in your Inbox within a few seconds, check your All Mail, Spam and Junk folders first, then click the Resend Email link to obtain another code. You are allowed three (3) security code per sign in session. If you do not enter a valid security code successfully, you will be blocked from the system for 48 hours. See more Troubleshooting and FAQs tips.
Step 3: Add a valid mobile phone number
After verifying your email address, the Did You Know? prompt appears explaining why verifying a second method of authentication, in this case a mobile phone number, will give you more sign in options in the future.
Enter your valid mobile number in the Mobile Phone field and click the Text My Security Code button. This will send a new security code to your mobile phone or device. This step is optional and can be skipped, but it is highly recommended.
Verifying a mobile number in addition to your email address gives you two ways (factors) to request your security codes in the future.
Get the security code from your phone, enter it on the Verify Your Account page, and click Verify Mobile Phone.
If you don’t receive the SMS security code promptly, request another code by clicking Resend Code.
Following the validation of your mobile number, the user can select which method of contact they want to receive their code from the Keep Your Account Secure page moving forward.
Step 4: Finish entering your account information
After verifying your credentials, finish entering your account information on the Create Profile page. After entering all required fields, including creating your unique password, click Save at the bottom of the page.
After entering all required fields, including creating your unique password, click Save at the bottom of the page.
Step 5: Verify your identity
After your account has been created, the CCC Students are Expected to Verify Their Identity page displays and you are encouraged to verify your identity using one of our two trusted vendors: CA DMV Wallet or ID.me.
You will have three options at this point:
Verify later*
*To temporarily skip the verification process, click the Verify Later link at the bottom of the screen.
You will be taken to the CCCApply My Applications page to start a new application or resume an in-progress application.
Sign In With MFA - Verified User (Happy Path)
If you have an existing OpenCCC account, you will have already validated your email address and password when you created your account. Now, each time you sign in to CCCApply (or other OpenCCC systemwide application), you will follow this simple two-step process using MFA:
Step 1: Enter Your Email & Password
On the CCCApply Sign In page, enter your email address and click the Next button.
Enter your account password on the Password page and click the Sign In button.
If the system locates your account, the Keep Your Account Secure page appears.
Step 2: Select Your Contact Method
On the Keep Your Account Secure page, select your preferred method for receiving your one-time security code. If your email address is the only method that’s verified, select the radio button next to your email address and click the Next button.
A unique, time-sensitive security code will be sent to your Email inbox.
Step 3: Enter Security Code
Retrieve your time-sensitive security from your email Inbox.
Enter the code promptly on the Security Code page and click Next. Be sure to enter the code within 10 minutes or it will expire, and you will have to request another code.
Be sure to enter your code within 10 minutes or it will expire and you will have to request another code.
If your code is entered correctly, you will be signed in and taken to the CCCApply My Applications page to start a new application or resume an in-progress application.
To exit the My Applications page, click the Sign Out link in the upper right corner of the page header.
Security Code Tips:
If you don’t see the code in your inbox within a few seconds, check your All Mail, Spam or Junk folders right away.
You have three tries to enter the six-digit code correctly. If for some reason the code is rejected, you can request another code by clicking the Resend Code link.
You can request three codes total per sign in session. If, however, you are unable to enter any of the three allowed codes, the system will automatically block you from further sign in attempts. If you are blocked, you can recover access to your account using the CA DMV Wallet account recovery process..
Sign In with MFA - Unverified User
The sign in flow for users who are ID “verified” users is described in the section above.
However, if you are signing in with MFA as an “unverified” user, the process includes a step to encourage you to verify your identity for security purposes (and fewer sign in steps in the future).
Step 1: Follow Steps 1-3 in the Happy Path for Verified Users Process
The sign in flow for all existing users (including verified and unverified users) are the same through step 3 above.
Step 2: Verify Your Identity (optional, but recommended)
For unverified users, after entering your security code on the Security Code page, you are taken to the CCC Students are Expected to Verify Their Identity page, which encourages students to verify their identity using one of the two trusted vendor options: CA DMV Wallet and ID.me.
To complete the identity verification process, find step-by-step instructions for each vendor below.
Currently ID verification is not mandatory. Users may still bypass the verification process; however, there are many benefits to verifying your identity, including expedited admissions, identity security, and account recovery.
Once completed with the verification process, you will be taken automatically to the CCCApply My Applications page to start a new application or resume an in-progress application.
To exit, click the Sign Out link in the upper right corner of the page header.
Adding a Second Method of Authentication (Mobile Number)
Adding a mobile phone number as a second method of authentication greatly increases the security of your personal information and expedites the sign in and account self-recovery workflows.
Step 1: Sign In and Edit Your Account Information
Sign in to CCCApply using MFA.
From the My Applications page, select “Edit My Account” from the Account Information section below the In-Progress Applications table, or select Edit Account from the Settings link in the main menu.
Step 2: Add/Update Your Mobile Phone Number
On the Edit Account screen, add or update your mobile number in the Phone field and ensure the Phone Type field is set to “Mobile”. Phone numbers set to “Landline” cannot be used for MFA or set your preferred method of contact. Once your mobile number is entered, click the Update button at the bottom of the page to save your changes.
For more information, see the Setting Your Preferred Method of Contact section below.
Step 3: Validate Mobile Number
On the CCCApply Sign In page, enter your mobile phone number in the Email or mobile phone input field. Click Next.
Enter your password, then Sign In.
On the Keep Your Account Secure page, select your mobile phone number from the list of contact methods, then click Next.
Retrieve your code from you mobile phone or device and enter it in the Enter Security Code field. Click Next.
Benefits of Mobile Number: If the user didn’t choose to provide a mobile number during the first step of account creation, you can add that information here on the Create Profile page before saving your new account at the bottom of the page. You’ll receive a security code on your mobile phone and then enter it on the Security Code page that appears.
Note: After verifying your mobile number, the user can select which method of contact they want to receive their code from the Keep Your Account Secure page moving forward.
Setting Your Preferred Method of Contact
Setting your preferred method of contact in the Edit Account page lets you which way you prefer to receive security codes, notifications, and other SMS messages regarding your account.
Steps:
On the Edit Account page, ensure that both your mobile phone and email address are entered correctly. For your mobile number, ensure the Phone Type field is set to “Mobile”.
Choose your preferred method by clicking the “Make Preferred” button; there is one under each credential type.
Scroll to the bottom of the Edit Account page and click Update.
If needed, repeat the steps to verify your preferred credential using MFA.
Recovering Your Account Using MFA
If you have an existing OpenCCC account that you are unable to log into, please do not create a new account. This could delay your objective including submitting or resuming a CCCApply application. Several options are available to help you self-recover your credentials and get back moving forward without contacting the Helpdesk support.
Recovering Your Password
The Forgot your password? process works great for users who still have access to their email address but have simply forgotten their password.
Step 1: Recovering your password starts on the Sign In page
Enter your email address, then click Next.
On the Password page, click on the Forgot your password? link and click Next. The Keep Your Account Secure page appears.
Step 2: Select a method to receive a security code
On the Keep Your Account Secure page, select a contact method and click Next. You will receive a message containing a security code that you will input on the next step.
Retrieve your code from your email Inbox, then enter it in the Security Code field.
Step 3: Change Your Password
After verifying your security code, the Update Password page appears. Users are then required to create and verify a new password.
Enter a string of letters, numbers, and special characters into the Password input field. The combination must meet the criteria requirements listed on the left, adjacent to the input fields.
Re-enter the password in the Confirm Password field to ensure it matches the Password field exactly (both fields must match).
Click the Submit button to validate your secure password.
Reminder: The password you choose must meet the following security requirements:
be at least 8 characters in length
contain at least one uppercase letter
contain at least one lowercase letter
contain at least one number
contain at least one of the following special characters ( !, @, #, $, %, ^, &, or *)
must NOT contain your name
Password Security: If your updated password meets the required criteria, the “Password must” box will display solid green, as shown in the screenshot below.
If your old email is still accessible, we can send a reset link. But if not, and you are a California resident, try the CA DMV Wallet option for account recovery and identity verification.
Recovering Your Account with California DMV
If you have forgotten your email address and/or password, the first step towards account self-recovery using MFA begins with the Forgot your password? process on the Sign In page without entering your email address.
If you are a California resident, we recommend choosing the CA DMV Wallet option for fastest account recovery and identity verification.
Step 1: Click the Forgot your password? link on the Sign In page
From the CCCApply Sign In page, select the Forgot your password? link without entering an email address. The Recover Your Account page appears.
Click on the Verify with DMV Wallet button to start the CA DMV Wallet process.
Follow the steps outlined here in Verify using the CA DMV Wallet and keep in mind the following requirements:
You will be required to download the CA DMV Wallet app to a smartphone or desktop (smartphone is recommended).
You will be required to scan a QR code and receive a security code from the DMV.
Using the CA DMV Wallet to recover your account credentials also requires that you verify your identity through the CA DMV’s verification service. This not only helps you regain your sign in credentials easily, it verifies your identity for the CCC system.
Recovering Your Account Manually
If you have forgotten your email address and/or password, the first step towards account self-recovery using MFA begins with the Forgot your password? process on the Sign In page without entering your email address.
If you are a NOT a California resident, we recommend using this manual option to locate your account and recover your credentials.
Step 1: Click the Forgot your password? link on the Sign In page
From the CCCApply Sign In page, select the Forgot your password? link without entering an email address. The Recover Your Account page appears.
Click on the Recover Manually button to start finding your account.
Step 2: Walk through the manual recover account steps
Follow the screen prompts to enter locate your account manually by entering personal information used to create your account.
Troubleshooting & FAQs
Issue | Solution |
|---|---|
Security code didn’t arrive (Email) | Check your Spam/Junk and All Mail folders first before requesting a new code. Ensure no-reply@cccmypath.org is on your safe-sender list. |
Security code didn’t arrive (mobile device/SMS) | Ensure you have cellular signal. If you are using a VoIP number (like Google Voice), some carriers may block these messages. If you’re having trouble, try using your email address instead. |
Security code doesn’t work | Security codes are usually valid for only 10 minutes. If you wait too long, click Resend Code. |
Too many attempts entering a security code | Each security code permits three input attempts. After the third try, the security code expires. |
Email address isn’t working | If your email address is not working for signing in, refresh the page and then (without entering anything in the Email address or mobile number input field) click the Forgot your password? link and select a self-recovery option. |
Mobile number isn’t working | If your mobile phone number is saved in your account. sign in with your email address and navigate to the Settings > Edit Account link in your CCCApply My Applications page. Add or update the mobile number, set the Phone Type to “Mobile”. and save your changes. |
Password isn’t working | User should follow the Forgot Password? link on CCCApply or OpenCCC Sign In page. |
Email address changed by user | You must log in using your Email MFA first, then navigate to settings to update your mobile number. |
No longer has access to original Email account | If you have a mobile phone number saved and verified in your account, use your mobile number for sign in. If you don’t have a mobile number saved, refresh the page and then (without entering anything in the Email address or mobile number input field) click the Forgot your password? link and select a self-recovery option. |
Mobile number changed by user | You must log in using your Email MFA first, then navigate to settings to update your mobile number. |
No longer has mobile number | Please |
Received “Important: Your CCCApply Account Information was Changed” message | Possible spam/fraud activity (bad actor). If you receive this auto-message, it’s because a change was made to one of your contact methods. If you did make the change, ignore the message. If you did NOT make the change, please reach out to CCC Staff Support to report the activity. The message contains directions and links to help update your information. |
Security Best Practices
Never share your security code: Support staff will never ask you for your MFA code over the phone or via email.
Report unauthorized codes: If you receive an MFA code via text or email when you are not trying to sign in, someone may have your password. Change your password immediately.
If you complete the account recovery process and see any applications or other information that you do not recognize, please reach out to our CCC Staff Support team to report potential fraudulent activity.