As part of our ongoing efforts to strengthen platform security, Lightico is enforcing additional identity verification requirements when a customer attempts to access the same session from more than one device.
This change will be introduced into sandbox environments the week of February 8, 2026 and as part of the March 8, 2026 production release and applies to both self-service and assisted sessions.
What is changing
When multi-device access is enabled, customers accessing a session from a second device must be authenticated.
Lightico will validate the customer using one of the following methods:
A one-time password (OTP) sent via an available communication method (email or phone)
An identity verification (IDV) method already configured for subsequent session entries such as session PIN, KBA (Knowledgebase authentication), Photo IDV
If neither option is available, access from an additional device will be denied.
Who is affected
This change affects all customers who use multi-device session access.
In particular, access from a second device will be denied for customers who:
Have multi-device access enabled, and
Do not have an IDV method configured for subsequent session entries, and
Start sessions without providing a communication method (email or phone)
In these cases, customers will be able to access the session only from the original device, and any attempt to enter the same session from another device will be blocked.
Why this change is required
Allowing access to the same session from multiple devices without identity verification introduces security risks, including unauthorized session sharing.
This update ensures that when a session is accessed from another device, Lightico can verify that the same customer is attempting to re-enter the session.
Action required
Review your current configuration and ensure that at least one of the following is in place if you use multi-device access:
A customer communication method (email or phone) available in the session for OTP delivery
An identity verification method configured for subsequent session entries. See Customer authentication for more information.
No action is required if your workflows already meet these conditions.
Additional note
Customers will not be required to complete duplicate identity verification for the same session entry.
Support and assistance
We understand that security-related changes can affect existing flows, and we are committed to making this transition as smooth as possible.
If you have questions or need assistance reviewing your configuration, please contact your Lightico customer success representative.