Multi-factor authentication (MFA) strengthens account security by requiring two factors to verify your identity. These factors usually include something you know (like a username and password) plus something you own (like a smartphone).
MFA protects against phishing, social engineering, and password brute-force attacks—securing your ID.me account from fraudsters exploiting weak or stolen credentials. With MFA, your password alone is no longer enough to access your account, dramatically improving account security.
How it works
When you have set up MFA in your ID.me account, you begin the sign-in process with your email address and password. Then, you will also enter additional credentials—often, a verification code sent to a trusted phone number.
For example, you may sign in to ID.me on your computer, then receive a verification code via text on your smartphone. Enter the code from your phone on your computer, and sign-in is complete.
What is a trusted device?
A trusted device, such as a smartphone or tablet, is a device that you have used before for MFA.
What is a trusted phone number?
A trusted phone number can be used to receive verification codes either by text or phone call.
You must verify at least one trusted phone number to enroll in MFA. Consider verifying additional phone numbers (i.e. home phone, or a number used by a family member or close friend) to ensure you can access your account, even when you are away from your own trusted device.
What is a verification code?
A verification code is a temporary code sent to a trusted device via a text message or dedicated app, like ID.me Authenticator.
A verification code is different from the passcode you may use to unlock your device.
What is a push notification?
A push notification is a prompt that appears on your enrolled trusted device when you sign in. Tap and approve the push notification to complete the process.