Multi-factor authentication (MFA) strengthens account security by requiring two factors to verify your identity. These factors usually include something you know (like a username and password) plus something you own (like a smartphone).
MFA protects against phishing, social engineering, and password brute-force attacks and secures your logins from attackers exploiting weak or stolen credentials. With MFA, your password alone is no longer enough to access your account, dramatically improving account security.
How it works
When you have enrolled your ID.me account in MFA, the sign-in process includes your email address and password, then you will also enter a verification code, which has been sent to a trusted device, sometimes via a trusted phone number. By entering the additional code, you are verifying that you have physical possession of the device.
For example, depending on how your account is set up, you may be signing in to ID.me on your computer, then receive a verification code via text on your smartphone. Enter the code from your phone on your computer, and log-in is complete.
Depending on your account set-up and the partner website you are working with, you may be asked to provide MFA credentials every time you log-in, or you may be permitted to 'trust' log-ins that come from a certain device.
What is a trusted device?
A trusted device (like a smartphone or tablet) is a device that you have used before for MFA. Trusted devices are used to verify your identity by displaying a verification code.
What is a trusted phone number?
A trusted phone number can be used to receive verification codes either by text or phone call.
You must verify at least one trusted phone number to enroll in MFA. Consider verifying additional phone numbers (like a home phone, or a number used by a family member or close friend) to ensure you can access your account, even when you are away from your own trusted device.
What is a verification code?
A verification code is a temporary code sent to a trusted device via a text message or dedicated app, like ID.me Authenticator. (NOTE: A verification code is different from the passcode you may use to unlock your device.)