A personal key is a 16-character secret code that login.gov gives you after you verify their identity. It’s used to encrypt your data (think of it as a key to your secret information). You don’t need it every time you sign in, but you will need it if you reset your password.
Remember, it’s the key to your personal information, so make sure you keep it in a safe place where it can’t be lost or stolen.
Note: You’ll only get and need a personal key if you verified your identity on your login.gov account (only some government applications require identity verification).
You need your personal key if you reset your password
To keep your information safe, your password and your personal key are the only two ways to decrypt your data (the only two keys to your secret information).
- If you reset your password, you’ll have to enter your personal key.
- If you lose both your password and your personal key, you’ll have to verify your identity again.
Personal keys are not used for 2FA anymore
In the past, we gave users a personal key to use as a two-factor authentication method. It was a way to sign in to your account if you lost or changed your phone number. However, we’ve now removed the ability to use personal keys as an authentication method because they are easily lost or stolen.
If you still have the option to use personal key for two-factor authentication, you’ll be asked to set up a different authentication method the next time you sign in. You can choose from phone SMS or voice call, authenticator app, security key, government or military employee ID (PIV/CAC), or backup codes. After you set up your new authentication method, you won’t be able to use personal key as an authentication method anymore.