Multi-factor authentication

Your security is important to us. That is why we strengthened our authentication requirements to ensure your My LTCFEDS account information stays secure.

You are now required to set up a phone number to receive a verification code by text message or voice call when you log in or reset your account security information. You also have the option to set up a security key (such as YubiKey) or biometric authenticator (such as Windows Hello, Apple TouchID or FaceID) to use instead, as an even stronger form of authentication. This is a common security practice referred to as "multi-factor authentication."

Log into your My LTCFEDS account to set this up today.


Multi-factor authentication (MFA) is a layered approach to securing online account access that requires users to provide two or more authentication factors before they can log in. MFA enhances security because even if one authenticator (such as a password) becomes compromised, it is unlikely an unauthorized or malicious user will also have access to an additional authenticator (such as entering a verification code sent to your mobile device).

Traditionally, websites only required a user ID and password to access online accounts, and users often chose easy-to-remember passwords repeated across multiple sites. This weaker security made users' personal information more vulnerable to malicious cyber-attacks.

Multi-factor authentication (MFA) provides a better way to protect your online accounts by adding an additional layer of security. MFA not only requires you to provide something you know such as a password or PIN, but it also requires something you have such as a mobile device or security key and/or something you are such as your fingerprint or face scan.

Security keys (such as YubiKeys) and biometric authenticators (such as Windows Hello or Apple TouchID and FaceID) inherently provide multi-factor authentication since they automatically require something you have and something you know or are. They are considered strong authentication factors when it comes to identity security.

By increasing the combination of authentication factors required to log in, it becomes even more difficult for an unauthorized user to access your online account.

The security of your personal and health information is one of our top priorities. We implemented multi-factor authentication because it is a widely adopted security best practice that helps limit the risk of malicious users attempting to gain access to your information.

You are now required to provide a verification code sent by text message or voice call to your phone, in addition to your password, when you log in or reset your account security information. This helps us confirm your identity and ensure that only you have access to your account. You also have the option to set up a security key or biometric authenticator to use as your authentication factor. This allows you to add an even stronger layer of security.

See the related question, "How does multi-factor authentication enhance security," for more information.

Log into your My LTCFEDS account and go to your My Account dashboard. On the Online Account card under Account Security, select the "Add security key" link. From there, you will be prompted to register a security key (such as YubiKey) or biometric authenticator (such as Windows Hello, Apple TouchID or FaceID). You must provide a PIN and/or biometric verification, using your fingerprint or face scan, to set up this type of authenticator.

Please refer to the dedicated support website for your security key or system platform (e.g., Windows, Apple iOS or macOS) for specific set up instructions and help.

The federal government requires its agencies and contractors to comply with the Federal Information Security Modernization Act (FISMA)—a law that defines certain cybersecurity standards to protect government information, operations, and assets against threats—using guidelines established by the National Institute of Standards and Technology (NIST).

As part of the contract with the U.S. Office of Personnel Management, we are required to make multi-factor authentication mandatory for all My LTCFEDS online account users.

No, you do not need a mobile phone or smartphone. You have the option to receive your verification codes by text message or voice call. If you have a landline phone, you can choose to receive your verification codes by voice call. You will receive an automated call and a recorded message will give you a code once you answer the call or leave it as a voicemail if you don't answer. The code is only valid for 5 minutes. If you do not enter it within that timeframe, you must request a new code.

No, you are not required to create a My LTCFEDS online account. Most of what is available within your online account is sent to you in writing for your own records. You can also contact our Customer Service Center for assistance with your coverage.

A My LTCFEDS online account allows you to easily review your coverage, update your contact information, and submit claims invoices for reimbursement once you are eligible for benefits.

Visit the multi-factor authentication section of CISA.gov or download the Digital Identity Guidelines from NIST.gov for more information on multi-factor authentication and the federal government's cybersecurity recommendations.