Multi-factor authentication (MFA) strengthens account security by requiring two factors to confirm your identity when you sign in to your ID.me account. These factors usually include something you know (like a username and password) plus something you own (like a phone number).
MFA helps prevent phishing, social engineering, and password brute-force attacks and secures your logins from attackers exploiting weak or stolen credentials. With MFA, your password alone is no longer enough to access your account, dramatically improving account security.
Available MFA methods
- Text Message or Phone Call
- Push Notification
- Code Generator
- NFC-Enabled Security Key
- FIDO Security Key
How it works
When you have MFA set up for your ID.me Account, you will take additional steps to confirm your identity when you sign in with your email address and password. In the initial set up of MFA, you will be presented several MFA options to choose from; for example, you may set up verification codes as your MFA method, which will send a one-time use code to a trusted device, sometimes via a trusted phone number. You could also sign in to ID.me on your computer, then receive a verification code via a call or text on your phone. Enter the code on the device you are using to access ID.me, and the sign-in is complete.
Depending on your account set-up and the partner website you are working with, you may be asked to provide MFA credentials every time you sign in, or you may be permitted to 'trust' sign-ins that come from certain devices.
What is a trusted device?
A trusted device is a smartphone or tablet that you have used for MFA in the past. If this is your first time creating an ID.me account, the device you use to set up MFA will be your first trusted device. You can have more than one trusted device, and will need at least one to use verification codes as your MFA method.
What is a trusted phone number?
A trusted phone number can be used to receive verification codes either by text or phone call.
You must verify at least one trusted phone number to enroll in MFA. Consider verifying additional phone numbers, like a home phone, or a number used by a family member, to ensure you can access your account, even when away from your own trusted device.
What is a verification code?
A verification code is different from the passcode you may use to unlock your device.
What is a push notification?
A push notification is a prompt that appears on your enrolled trusted device when you sign in. Select and approve the push notification to complete the process.
You have 3 MFA attempts before you are locked out of your account.
You can regain access to your id.me account by selecting where it says “please click here…” and confirming your email address.