Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Rules of Use

Rules of Use

The Login.gov service is provided by the U.S. General Services Administration to offer the public secure and private online access to participating government programs. With one Login.gov account, users can sign into multiple government agencies. Our goal is to make managing federal benefits, services, and applications easier and more secure.

These Rules of Use provide:

  • Information on how the Login.gov service works and what you can expect from it,
  • The terms under which we provide the Login.gov service to you,
  • How we use your information and your rights to that information, and
  • The conditions you agree to when you take certain actions on the Login.gov service.

1. General Service Definition

The Login.gov service offers the public secure and private online access to participating government programs. With one Login.gov account, you can sign into services offered by multiple government agencies. Our goal is to make managing federal benefits, services, and applications easier and more secure.

The Login.gov service partners with other government agencies (“partners”) to allow you to access those services with just one Login.gov account, eliminating the need to create many separate accounts across government.

The Login.gov service protects your account by implementing strong security measures and protects your privacy by collecting the minimally necessary information from you and, in turn, revealing to partners only the information necessary for those partners to execute their service. And Login.gov never shares validated personal information with a partner unless:

  1. You provided explicit consent (which you can revoke that at any time);
  2. Disclosure is required by law; or
  3. Disclosure is necessary to investigate fraud related to your account.

Some government applications that use Login.gov require you to verify your identity. This means that you must prove that you are who you say you are. That proof helps ensure that only the right people get access to sensitive information.

You will only be asked to verify your identity the first time you sign into certain government applications. After you verify your identity with Login.gov for one government application, you usually don’t need to do it again for other government applications. By providing the Login.gov service with the information needed to verify your account, you authorize it to use that information to conduct activities necessary to ensure your identity, including sharing information with certain third parties, namely identity proofing services. The Login.gov service requires those parties to hold your information confidentially and not to use it for other purposes, as detailed in our Privacy Policy.

The Login.gov service employs recognized security and privacy best practices.

Prior to using the Login.gov service, you are required to agree to these Rules of Use. In the event Login.gov significantly changes its Rules of Use, you will be given the option to agree or to decline the updated Rules of Use the next time you login. Similarly, when conducting certain activities in the Login.gov service, such as providing personal information for the first time, the Login.gov service may require you to re-confirm your understanding of how it uses your information.

2. Your Agreement

In addition to details about your consent stated elsewhere in these terms, by accepting these Rules of Use and using the Login.gov service, you agree that:

  1. You are not a child under 13 years of age,
  2. Any information you provide to us is complete and accurate,
  3. If you verify your identity, the identity you claim when using the service is your own,
  4. You will comply with applicable local, state, and federal laws in your use of the service,
  5. You will keep your personal and login information confidential, and
  6. You will maintain accurate information in your account at all times.

You further agree that you will NOT misrepresent your identity or any information you present in the Login.gov service, including through customer support channels.

You also agree that you are bound by these terms and the Privacy Policy, and other terms related to the Login.gov service.

We will post any changes to these terms to this page. If the changes affect our handling of your personal information or are otherwise deemed significant, we will notify you by email. If we cannot reach you by email, we reserve the right to contact you by other means, including postal mail. If at any time you no longer agree to these terms or any other relevant terms of the Login.gov service, you may close your Login.gov account.

3. Authentication

Accessing an account on the Login.gov service is called authentication. Authentication to the Login.gov service requires multi-factor authentication (or two factor authentication) as a means of providing strong protection against malicious attempts to access your account and information.

We provide several ways to establish multi-factor authentication, called authenticators. You will always be required to create a passphrase as one of your authenticators and to use that passphrase to authenticate to your account (except for PIV/CAC use, which is applicable to federal personnel only). Passphrases are like passwords, but they allow you more flexibility, such as by using words and spaces, and generally don’t have composition rules such as requiring the use of numbers or special characters.

We encourage you to set up multiple additional authenticators. This way, if you misplace one authenticator, you can still get into your account and won’t lose any information.

The authenticators currently available to you in the Login.gov service are:

  1. A passphrase;
  2. Backup codes;
  3. One-time passcodes through SMS (text) or voice messaging, sent to a mobile device you control;
  4. One-time passcodes through authenticators apps such as Google Authenticator or Authy, downloaded to a mobile device of your own and registered with Login.gov;
  5. PIV and CAC cards, for federal and armed forces personnel only;
  6. WebauthN security devices and software, such as FIDO (“Fast IDentity Online”) tokens, Yubikeys, and Google’s Titan Security Keys, obtained by you and registered with Login.gov;

Login.gov does not renew, reissue, or expire authenticators, but you can revoke an authenticator associated with your account at any time and, if desired, re-add it later. The Login.gov service does not issue physical authenticators. Authenticators other than passphrases or backup codes require hardware or software that you provide yourself.

When you register an authenticator with the Login.gov service, you agree to allow us to use it as an authenticator to access your account. If you register for SMS or voice messaging, you authorize us to send text messages and make phone calls to your phone number.

For physical authenticators such as printed out backup codes, a hardware token, or a phone, protect them by keeping them in a safe place or with you. Don’t let them get damaged. If they get lost, broken, or damaged, you may lose access to your account.

If you forget your passphrase, you can reset it if you have access to your registered email address. If you don’t have any of your other authenticators available, you can still access your account, but we will delete any information contained in it. You can change your passphrase at any time from your account profile. If you lose another authenticator or no longer wish to use it, you can deactivate it in your account profile at any time.

If we suspect fraud on your account, we may lock your account and contact you. If we have reason to believe your passphrase has been compromised, we may require that you reset it. If your account has been compromised in any way, please notify Login.gov immediately at https://login.gov/contact/.

4. Identity Proofing and Verification

The first time you try to log in using Login.gov at a partner application that requires a high degree of certainty that you are who you say you are, we initiate a process called identity proofing. Identity proofing takes information about you and attempts to validate that information and then verify that you, the user, are the individual you claim to be. We call this information identity evidence and it generally includes your name, date of birth, social security number, home address, and an image of identification, such as your driver’s license. You agree the information that you provide is your information - not someone else’s - and accurate.

After you provide us with this identity evidence, we attempt to validate it against various authoritative sources. We use third party identity proofing services to assist us with this validation. For instance, if you submit an image of your driver’s license from your state of residence, we’ll compare the information on it to the authoritative data from your state Department of Motor Vehicles (DMV), Motor Vehicle Administration (MVA), or equivalent state agency to ensure that you exist in those records. We’ll also use technology to look for certain security features on the driver’s license to ensure that it’s not fake.

Similarly, we’ll compare the information you give us to other records for added confidence in your identity. We may, for instance, verify that your name, date of birth, address, and social security number all match in records with a credit bureau. While we won’t check your credit, we will ensure that such a person exists to protect you from identity fraud. We may also check with other sources to confirm the information you provide us. If we can’t validate your address in other ways, we may confirm you live there by sending you a letter with a code that you enter into the Login.gov service.

In addition to validating the identity evidence you provide to us, we take additional steps to detect and prevent fraudulent account creation. We assess the device being used to access Login.gov, the identity being proofed, and your behavior during identity proofing. We collect information from the device to perform this assessment. Your personal information is stored in a manner which precludes Login.gov from reading it. However, Login.gov can still assess information about your device. We further detail how we use your information in our Privacy Policy

If you get an error and are unable to complete the identity proofing and verification process, redress instructions are provided with follow-on actions. Login does not currently have a process to identity proof through trusted referees (that is, people designated to act on your behalf during identity proofing ).

Biometric Data

Some partners require verification through biometric comparison. In these instances, Login.gov will collect your self-photograph, which is compared to the portrait on your government-issued ID Card.

5. Termination

You can terminate your account at any time through your account profile. Additionally, in the event of fraud or other violations of these Rules of Use, we may revoke access to your account. If this occurs, we will still protect your account information consistent with our Privacy Policy and System of Records Notice.

In the unlikely event that the Login.gov service is discontinued, information on the account will be retained subject to our System of Records Notice, as amended. Specifically, user information, including profiles, log-in files, password files, audit trail files and extracts, system usage files, and cost-back files used to assess charges for system use are maintained in accordance with GSA’s Records Retention Schedule, GRS 03.2 item 030, and are destroyed when business use ceases.

6. Authorities

The Login.gov service is operated within the United States, but is accessible globally for public use. The Login.gov service is operated by the General Services Administration under authorities and guidance found in 6 USC § 1523 (b)(1)(A)-(E), the E-Government Act of 2002 (Pub. L. 107–347, 44 U.S.C. 3501 note), 40 USC § 501, 40 USC § 502, and OMB M-19-17.

7. Service Operation and Customer Support

The Login.gov service operates with a high standard of service, both in service delivery and customer support.

1. Availability and Uptime

As an authentication system and gateway to federal applications, we strive for high availability and uptime. Our goal is to maintain a service uptime of 99.9% across all sites and systems. See our status page for live statistics, incident reports, and subscribe to updates.

2. Customer Support

Customer support and help desk services are always available through https://login.gov/contact/. When you submit for customer support, we will use any information you provide to address your question or comment, and may use your feedback to improve our service or for other purposes as we see fit, such as for marketing. In doing so, we will never reveal your personal information outside of the Login.gov service except as required by applicable law or as stated elsewhere in these terms.

8. Responsibilities of Our Partners

The Login.gov service connects the public to government agencies more easily by allowing users to access multiple government programs with one Login.gov account.

Partner agencies select the information they require from the list of attributes we support. If we don’t already have it, we request that information from you; validate it, and ask for your consent to share it with the partner agency. Partners can request a variety of information such as name, address, birth date, phone number and email address. Partners are required to protect this information in compliance with federal law and policy.

We will never share validated PII with a partner without your explicit consent, as required by law, or as otherwise stated in these Rules of Use. You may revoke this consent at any time, and we will revoke the partner’s access to the information. The partner may, however, retain this information subject to their data retention policies. The Login.gov service does not collect any information you provide directly to the partner.

Prospective partners and other interested parties can find more information about the partner onboarding process from the Login.gov developer guide.

9. Fees

There are no fees charged to you for registering or using the Login.gov service. There is no fee associated with connecting to our partners, though the partners themselves may charge fees for some of their services, such as making a reservation, purchasing an item, or applying for a service.

10. Representations, Warranties and Liabilities

Disclaimer of Warranties

Login.gov services are provided “as is” and on an “as-available” basis. GSA hereby disclaims all warranties of any kind, express or implied, including without limitation the warranties of merchantability, fitness for a particular purpose, and non-infringement. GSA makes no warranty that the services will be error free or that access thereto will be continuous or uninterrupted.

1. General Representations

You hereby warrant that (1) your use of the website and services will be in strict accordance with the Rules of Use and all applicable laws and regulations, and (2) your use of the website and services will not infringe or misappropriate the intellectual property rights of any third party.

2. Limitations on Liability

In no event will GSA be liable with respect to any subject matter of this agreement under any contract, negligence, strict liability or other legal or equitable theory for: (1) any special, incidental, or consequential damages; (2) the cost of procurement of substitute products or services; or (3) for interruption of use or loss or corruption of data.

11. General Provisions

1. Entire Agreement

This Rules of Use constitutes the entire agreement between GSA and you concerning the use of the Login.gov website and services, and may only be modified by the posting of a revised version on this page by GSA.

2. Disputes

Any disputes arising out of this Rules of Use and access to or use of the services shall be governed by federal law.

3. No Waiver of Rights

GSA’s failure to exercise or enforce any right or provision of these Rules of Use shall not constitute waiver of such right or provision.

4. Severability

If any provision of these Rules of Use is held to be invalid or unenforceable by a court of law, the remaining provisions of these Rules of Use shall be severable from the invalid or unenforceable provision and will remain in effect.

5. Contacting Us

If you have questions about these terms or any other aspect of the Login.gov service, you can contact us at https://login.gov/contact.

Back to top