Secure your VA information with multi-factor authentication

In today’s world, we’re all challenged each day to protect our privacy and security, whether we’re making online purchases, filing taxes, or accessing and managing online services and accounts. This challenge is evident in our personal lives and is true for Veterans and VA. 

The good news is that a record number of Veterans are now choosing VA’s multi-factor authentication (MFA) option—verifying your identity through more than one channel, such as a password and a text message code. So, even if one credential becomes compromised, unauthorized users cannot bypass the second authentication requirement.

The MFA capability adds another level of security for when Veterans log in to access and manage VA services and benefits.

“It’s great to see our Veteran user community embrace this option,” said Charles Worthington, chief technology officer at VA’s Office of Information and Technology (OIT). “Multi-factor authentication is currently optional, but obviously it’s a popular choice.”

Multi-factor authentication enhances the security of VA’s digital interfaces, providing additional levels of protection. It combines multiple authenticator types based on information users know (e.g., a username and password) and information users receive (e.g., a code sent to the user’s mobile phone via text message). VA’s MFA allows users to select from assorted authentication methods that further protect the Veteran’s identity. 

The multi-factor authentication approach safeguards user accounts from impersonation attempts and keeps them secure if a user’s username and password are compromised. MFA also prevents potential account takeovers during additional online logins.

Microsoft has reported more than 300 million fraudulent sign-in attempts to cloud services—daily. It only takes one successful attack to breach your data, so protecting your personal information is vital. 

How MFA works

You must sign in with your account credentials whenever you access your personal, health or benefits information on a VA or non-VA website or app. After entering your credentials, with MFA turned on, you’ll be prompted to verify your identity another way. This additional authentication method is done using only a device in your possession, such as your mobile phone. VA websites and apps will send a unique code to your device through text messages, phone calls or a supporting app. Once entered, this code will grant you secure access to your account. 

To prevent fraud and identity theft, you must complete all the steps in the MFA process each time you sign into your account. VA is committed to helping you keep your information safe, and this added layer of protection can stop hackers from breaching your account and accessing your data.

Whether it’s to adhere to compliance requirements or to create a more robust multi-layered access environment for Veterans, VA knows that implementing MFA is essential to the Department’s mission to safeguard Veterans’ data. We want to keep your personal information secure and out of the hands of hackers and other online threats by:

• Enhancing the security of VA’s digital interfaces;
• Adding another level of security when Veterans log in;
• Safeguarding user accounts from impersonation attempts; and
• Keeping user accounts secure if a username or password is compromised.

Don’t skip the MFA step!

VA and other sites often allow you to secure your accounts through MFA. This crucial step serves as a warning system that prevents unauthorized attempts on your accounts, which could be the barrier between you and hackers. So, instead of wondering why you need MFA enabled, consider turning on MFA now if you still need to do so. This video shows how to set up your account with a few simple steps.