For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
Contact UsSign In
HomeIntegrationsGuidesBrand Assets
HomeIntegrationsGuidesBrand Assets
    • Overview
  • IAM Platforms
  • OIDC
    • Overview
    • Configuration
    • Integration
    • Best Practices
    • PKCE
  • SAML
    • Overview
    • Configuration
    • Integration
    • Best Practices
  • OAuth 2.0
    • Overview
    • Integration
    • PKCE
    • Error Codes
  • Shared Signals Framework
    • Registration and Transmission
  • Mobile SDK
    • Overview
    • Android
    • iOS
    • Video Demos
  • API
    • Applications API
    • Document Passback API
  • Learn More
      • Overview
      • Multi-Factor Authentication
      • Knowledge-Based Authentication
      • Fortified Identity
      • NIST IAL2
      • TEFCA Individual Access Services
    • Language Support
LogoLogo
Contact UsSign In
On this page
  • MFA options
  • Native app push notification
  • Native app time-based-one-time-passcode (TOTP)
  • Passkey via WebAuthn
  • FIDO USB security key
  • NFC mobile key
  • Enhanced SMS
  • Call to landline/voice with one-time-passcode (OTP)
  • Backup codes
Learn MoreDigital Wallet

MFA

Was this page helpful?
Edit this page
Previous

KBA-R

Next
Built with

ID.me’s MFA options are certified at NIST 800-63-3B AAL2, ensuring strong account security by binding verified identities to secure credentials. Using MFA reduces fraud risk by adding an additional layer beyond a password. Accessible methods include Call to Landline for users without mobile
devices and unphishable FIDO2 tokens for high-assurance scenarios.

MFA options

The following MFA options are currently supported.

Native app push notification

ID.me offers native push notifications through its FIPS 140-2 compliant Authenticator App, available on iOS and Android. Users can quickly authenticate using Touch ID or a PIN code for a seamless and secure experience.

Native app time-based-one-time-passcode (TOTP)

ID.me’s FIPS 140-2 compliant authenticator application provides native TOTP that can function in an online and offline setting.

Passkey via WebAuthn

Passkeys allow users to authenticate with device-based methods like Touch ID or Face ID, streamlining MFA while resisting phishing attacks. They also enhance account recovery by enabling backup authentication through cryptographically linked devices using WebAuthn, even if a phone is lost or a number changes.

FIDO USB security key

Users authenticate by inserting a USB or USB-C key and tapping a button to complete a secure login. This method is supported by ID.me’s FIPS 140-2 compliant Authenticator App for high-assurance, phishing-resistant access.

NFC mobile key

Users are prompted to tap their NFC compatible key to their device to complete secure authentication.

Enhanced SMS

ID.me sends a secure short link via SMS to the pre-verified phone number, and uses a browser-based API to confirm delivery to a specific device. Unlike traditional SMS, this method is resistant to SS7 exploits and ensures device-level verification with no known bypass.

Call to landline/voice with one-time-passcode (OTP)

To support digital inclusion, ID.me offers landline-based MFA for users without mobile devices. This ensures access for older adults, lower-income individuals, and rural populations who may not own a cell phone.

Backup codes

ID.me provides users with 12 one-time use backup codes, each 16 characters long. These can be saved, printed, or written down and used for authentication without a phone. A new set is issued automatically after all codes are used. This option is also available during in-person verification.