Skip to main content
Does your agency have an urgent need related to COVID-19 response efforts?
Contact login.gov partnerships
U.S. flag

An official website of the United States government

Help

How to create an account

Login.gov create account page help image
To create a login.gov account you’ll need a valid email address and a working phone number. We’ll also ask you to create a password.

Please be prepared to configure another authentication method out of the list available. Using this secondary authentication method allows us to protect your account better.

Enter your email and confirm it

Enter your email help image
Select “create an account” and enter your email address. Then check your email account for a message from us. Within the email is a link. Selecting the link will confirm your email address and send you back to login.gov.
This is what it looks like:
Confirm your email help image

Create a password

Next, you will create a strong password. Use the password strength meter on the screen as a guide. Passwords must be at least 12 characters, but otherwise there are no restrictions. You can even enter spaces in between words to get to 12 characters.
Choose password help image

Configure a second layer of security

Next, you will configure a secondary authentication method. The second step keeps your account more secure than using only a password. You can choose between text messages, phone calls, an authentication application, a security key, or backup codes. Government employees can also use their PIV or CAC cards.

Login.gov uses two-factor authentication (TFA), or multi-factor authentication (MFA), as an added layer of protection to secure your most sensitive information.

Two-factor authentication can be done in multiple ways and each has a different level of security. You can choose between text messages, phone calls, an authentication application, a security key, or backup codes. Government employees can also use their PIV or CAC cards.

We encourage you to review the available options and select the most secure option for you.

Learn more about each authentication method.

2nd factor options help image

Authentication application

Authentication apps are downloaded to your device and generate secure, 6-digit codes you can use to log in to your accounts. Unlike phone calls or text messaging/SMS, a hacker would need physical access to your cell phone in order to use the code.

While authentication apps are not protected if your device is lost or stolen, these apps offer more security than phone calls or text messaging/SMS against phishing, hacking or interception.

If you choose to use this secure option, you can download and install one of the supported applications and configure it to work with login.gov. Learn how to set up an authentication app.
Read more on how to set up an authentication app.

Enter security code help image

Security key

A security key is typically a physical device, like a USB, that you plug into your computer. The key is linked to your accounts and will only grant access to those accounts once the key is plugged in and activated. Since a security key does not rely on your cell phone, it has the highest level of protection against phishing and built in protections against hacking if it is lost or stolen.

Login.gov requires security keys that meet the FIDO standards. You can also add as many security keys as you want to secure your account.

To use this secure option for authentication, plug the key into a USB port and assign the key a name to identify it within your login.gov account. The next step will ask you to activate your key. This is generally done by pressing a button on the key itself.
Security key help image

Text message/SMS or Phone call

Text message/SMS or phone calls are convenient but are extremely vulnerable to theft, hackers and other attacks.

If you choose to use this less secure option, enter a phone number at which you can get phone calls or text messages. If you have a landline, you must receive your security code by phone call. login.gov cannot send security codes to extensions or voicemails.

We will send a unique security code to that phone number each time you sign into your account.
Add a phone number help image

Each security code expires after 10 minutes and can only be used once. If you don’t enter the security code within 10 minutes, just request a new code. Each code is only good once, so no one can steal one you’ve already used.
Phone text confirmation code help image

Type the security code into the field. That’s it! Every time you sign back into your login.gov account, you will receive a new security code that you need to enter. You’ll get the option each time you sign in to get a security code by a phone call or by SMS.
Enter security code help image

Backup codes

While backup codes are an accessible option for users who do not have phone access, these codes are the least secure option for two-factor authentication. Backup codes must be printed or written down which makes them more vulnerable to theft and phishing.

If you choose to select this less secure option, login.gov will generate a set of 10 codes. After you sign in with your username and password, you will be prompted for a code. Each code may only be used once, once the 10th code has been used you will be prompted to download a new list. Treat your recovery codes with the same level of attention as you would your password.
Backup codes generated help image