MFA
ID.me’s MFA options are certified at NIST 800-63-3B AAL2, ensuring strong account security by binding verified identities to secure credentials. Using MFA reduces fraud risk by adding a layer of protection beyond a password. Accessible methods include Call to Landline for users without mobile devices and unphishable FIDO2 tokens for high-assurance scenarios.
MFA options
The following MFA options are currently supported.
Native app push notification
ID.me offers native push notifications through its FIPS 140-2 compliant Authenticator App, available on iOS and Android. Users can quickly authenticate using Touch ID or a PIN code for a seamless and secure experience.
Native app time-based one-time passcode (TOTP)
ID.me’s FIPS 140-2 compliant authenticator application provides native TOTP that works both online and offline.
External authenticator application support
ID.me supports major third-party authenticator applications including Google Authenticator, Duo, and more. These applications also work offline.
Passkey via WebAuthn
Passkeys allow users to authenticate with device-based methods like Touch ID or Face ID, streamlining MFA while resisting phishing attacks. They also enhance account recovery by enabling backup authentication through cryptographically linked devices using WebAuthn, even if a phone is lost or a number changes.
FIDO USB security key
Users authenticate by inserting a USB or USB-C key and tapping a button to complete a secure login. This method is supported by ID.me’s FIPS 140-2 compliant Authenticator App for high-assurance, phishing-resistant access.
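The phishing resistance described for passkeys and FIDO security keys comes from the WebAuthn assertion being bound to the site's origin and relying-party ID, which the server checks on every login. The sketch below is an added example, not ID.me's code: it shows those server-side checks over constructed data, and the names `login.example`, `check_assertion` and `sample` are hypothetical.

```python
import base64, hashlib, json, struct

RP_ID = "login.example"                    # hypothetical relying-party ID
EXPECTED_ORIGIN = "https://login.example"  # hypothetical site origin

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def check_assertion(client_data_json: bytes, auth_data: bytes,
                    expected_challenge: bytes, stored_count: int) -> str:
    """Return "ok" or the reason the assertion is rejected.
    Verifying the signature over auth_data || SHA-256(client_data_json)
    with the registered public key is a required further step, omitted here."""
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        return "wrong type"
    if client.get("challenge") != b64url(expected_challenge):
        return "challenge mismatch"          # stale or replayed response
    if client.get("origin") != EXPECTED_ORIGIN:
        return "origin mismatch"             # browser reported another site
    if len(auth_data) < 37:
        return "truncated authenticator data"
    # authenticatorData layout: rpIdHash (32) | flags (1) | signCount (4, big-endian)
    rp_id_hash, flags, count = struct.unpack(">32sBI", auth_data[:37])
    if rp_id_hash != hashlib.sha256(RP_ID.encode()).digest():
        return "rpIdHash mismatch"           # credential scoped to another RP ID
    if not flags & 0x01:
        return "user not present"
    if not flags & 0x04:                     # requiring UV is a policy assumption
        return "user not verified"
    if stored_count and count <= stored_count:
        return "counter did not advance"     # possible cloned authenticator
    return "ok"

def sample(origin: str, rp_id: str, challenge: bytes, count: int = 6):
    """Build a constructed (clientDataJSON, authenticatorData) pair."""
    client = json.dumps({"type": "webauthn.get", "origin": origin,
                         "challenge": b64url(challenge)}).encode()
    auth = hashlib.sha256(rp_id.encode()).digest() + struct.pack(">BI", 0x05, count)
    return client, auth

if __name__ == "__main__":
    ch = b"\x01" * 32  # constructed challenge
    print(check_assertion(*sample("https://login.example", RP_ID, ch), ch, 5))
    print(check_assertion(*sample("https://login.example.evil.test", RP_ID, ch), ch, 5))
```

Because the browser, not the user, supplies the origin and the authenticator hashes the RP ID, a response produced on a look-alike page fails these checks even if the user approves the prompt.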
NFC mobile key
Users are prompted to tap their NFC compatible key to their device to complete secure authentication.
Enhanced SMS
ID.me sends a secure short link via SMS to the pre-verified phone number, and uses a browser-based API to confirm delivery to a specific device. Unlike traditional SMS, this method is resistant to SS7 exploits and ensures device-level verification with no known bypass.
Call to landline/voice with one-time-passcode (OTP)
To support digital inclusion, ID.me offers landline-based MFA for users without mobile devices. This ensures access for older adults, lower-income individuals, and rural populations who may not own a cell phone.
Backup codes
ID.me provides users with 12 one-time-use backup codes, each 16 characters long. These can be saved, printed, or written down and used for authentication without a phone. A new set is issued automatically after all codes are used. This option is also available during in-person verification.