Rules of Use
The Login.gov service is provided by the U.S. General Services Administration to offer the public secure and private online access to participating government programs. With one Login.gov account, users can sign into multiple government agencies. Our goal is to make managing federal benefits, services, and applications easier and more secure.
These terms of service provide:
- Information on how the Login.gov service works and what you can expect from it,
- The terms under which we provide the Login.gov service to you,
- How we use your information and your rights to that information, and
- The conditions you agree to when you take certain actions on the Login.gov service.
1. General Service Definition
The Login.gov service offers the public secure and private online access to participating government programs. With one Login.gov account, you can sign into services offered by multiple government agencies. Our goal is to make managing federal benefits, services, and applications easier and more secure.
The Login.gov service partners with other federal agencies (“partners”) to allow you to access those services with just one Login.gov account, eliminating the need to create many separate accounts across government.
The Login.gov service protects your account by implementing strong security measures and protects your privacy by collecting the minimally necessary information from you and, in turn, revealing to partners only the information necessary for those partners to execute their service. And Login.gov never shares validated personal information with a federal partner unless:
- You provided explicit consent (which you can revoke that at any time);
- Disclosure is required by law; or
- Disclosure is necessary to investigate fraud related to your account.
Some government applications that use Login.gov require you to verify your identity. This means that you must prove that you are who you say you are. That proof helps ensure that only the right people get access to sensitive information.
The Login.gov service employs recognized security and privacy best practices.
Prior to using the Login.gov service, you are required to agree to these terms of service. In the event Login.gov service changes its terms of service, you will be given the option to agree or to decline the updated terms of service the next time you login. Similarly, when conducting certain activities in the Login.gov service, such as providing personal information for the first time, the Login.gov service may require you to re-confirm your understanding of how it uses your information.
2. Your Agreement
In addition to details about your consent stated elsewhere in these terms, by accepting these terms and using the Login.gov service, you agree that:
- You are not a child under 13 years of age,
- Any information you provide to us is complete and accurate,
- If you verify your identity, the identity you claim when using the service is your own,
- You will comply with applicable local, state, and federal laws in your use of the service,
- You will keep your personal and login information confidential, and
- You will maintain accurate information in your account at all times.
You further agree that you will NOT misrepresent your identity or any information you present in the Login.gov service, including through customer support channels.
We will post any changes to these terms to this page. If the changes affect our handling of your personal information or are otherwise deemed significant, we will notify you by email. If we cannot reach you by email, we reserve the right to contact you by other means, including postal mail. If at any time you no longer agree to these terms or any other relevant terms of the Login.gov service, you may close your account.
Accessing an account on the Login.gov service is called authentication. Authentication to the Login.gov service requires multi-factor authentication (or two factor authentication) as a means of providing strong protection against malicious attempts to access your account and information.
We provide several ways to establish multi-factor authentication, called authenticators. You will always be required to create a passphrase as one of your authenticators and to use that passphrase to authenticate to your account (except for PIV/CAC use, which is applicable to federal personnel only). Passphrases are like passwords, but they allow you more flexibility, such as by using words and spaces, and generally don’t have composition rules such as requiring the use of numbers or special characters.
We encourage you to set up multiple additional authenticators. This way, if you misplace one authenticator, you can still get into your account and won’t lose any information.
The authenticators currently available to you in the Login.gov service are:
- A passphrase;
- Backup codes;
- One-time passcodes through SMS (text) or voice messaging, sent to a mobile device you control;
- One-time passcodes through authenticators apps such as Google Authenticator or Authy, downloaded to a mobile device of your own and registered with Login.gov;
- PIV and CAC cards, for federal and armed forces personnel only;
- WebauthN security devices and software, such as FIDO (“Fast IDentity Online”) tokens, Yubikeys, and Google’s Titan Security Keys, obtained by you and registered with Login.gov;
Login.gov does not renew, reissue, or expire authenticators, but you can revoke an authenticator associated with your account at any time and, if desired, re-add it later. The Login.gov service does not issue physical authenticators. Authenticators other than passphrases or backup codes require hardware or software that you provide yourself.
When you register an authenticator with the Login.gov service, you agree to allow us to use it as an authenticator to access your account. If you register for SMS or voice messaging, you authorize us to send text messages and make phone calls to your phone number.
For physical authenticators such as printed out backup codes, a hardware token, or a phone, protect them by keeping them in a safe place or with you. Don’t let them get damaged. If they get lost, broken, or damaged, you may lose access to your account.
If you forget your passphrase, you can reset it if you have access to your registered email address. If you don’t have any of your other authenticators available, you can still access your account, but we will delete any information contained in it. You can change your passphrase at any time from your account profile. If you lose another authenticator or no longer wish to use it, you can deactivate it in your account profile at any time.
If we suspect fraud on your account, we may lock your account and contact you. If we have reason to believe your passphrase has been compromised, we may require that you reset it.
4. Identity Proofing and Verification
The first time you try to log in using Login.gov at a partner application that requires a high degree of certainty that you are who you say you are, we initiate a process called identity proofing. Identity proofing takes information about you and attempts to validate that information and then verify that you, the user, are the individual you claim to be. We call this information identity evidence and it generally includes your name, date of birth, social security number, home address, and an image of identification, such as your driver’s license. You agree the information that you provide is your information - not someone else’s - and accurate.
After you provide us with this identity evidence, we attempt to validate it against various authoritative sources. We use third party identity proofing services to assist us with this validation. For instance, if you submit an image of your driver’s license from your state of residence, we’ll compare the information on it to the authoritative data from your state Department of Motor Vehicles (DMV), Motor Vehicle Administration (MVA), or equivalent state agency to ensure that you exist in those records. We’ll also use technology to look for certain security features on the driver’s license to ensure that it’s not fake.
Similarly, we’ll compare the information you give us to other records for added confidence in your identity. We may, for instance, verify that your name, date of birth, address, and social security number all match in records with a credit bureau. While we won’t check your credit, we will ensure that such a person exists to protect you from identity fraud. We may also check with other sources to confirm the information you provide us. If we can’t validate your address in other ways, we may confirm you live there by sending you a letter with a code that you enter into the Login.gov service.
In the unlikely event that the Login.gov service is discontinued, information on the account will be retained subject to our System of Records Notice, as amended. Specifically, user information, including profiles, log-in files, password files, audit trail files and extracts, system usage files, and cost-back files used to assess charges for system use are maintained in accordance with GSA’s Records Retention Schedule, GRS 03.2.
The Login.gov service is operated within the United States, but is accessible globally for public use. The Login.gov service is operated by the General Services Administration under authorities and guidance found in 6 USC § 1523 (b)(1)(A)-(E), the E-Government Act of 2002 (Pub. L. 107–347, 44 U.S.C. 3501 note), and 40 USC § 501, and OMB M-19-17.
7. Service Operation and Customer Support
The Login.gov service operates with a high standard of service, both in service delivery and customer support.
1. Availability and Uptime
As an authentication system and gateway to federal applications, we strive for high availability and uptime. Our goal is to maintain a service uptime of 99.9% across all sites and systems. See our status page for live statistics, incident reports, and subscribe to updates.
2. Customer Support
Customer support and help desk services are always available through https://login.gov/contact/. When you submit for customer support, we will use any information you provide to address your question or comment, and may use your feedback to improve our service or for other purposes as we see fit, such as for marketing. In doing so, we will never reveal your personal information outside of the Login.gov service except as required by applicable law or as stated elsewhere in these terms.
8. Responsibilities of Our Partners
The Login.gov service connects the public to federal agencies more easily by allowing users to access multiple government programs with one Login.gov account.
Partner agencies select the information they require from the list of attributes we support. If we don’t already have it, we request that information from you; validate it, and ask for your consent to share it with the partner agency. Partners can request a variety of information such as name, address, birth date, phone number and email address. Partners are required to protect this information in compliance with federal law and policy.
During the process of becoming a partner on the Login.gov service, we collect information from the agency about the type of access they are providing and, from that information, come to agreement with the partner on the risk of the application and the need for personal information. Based on this, we determine the level of information the partner may receive.
Images of your U.S. based state ID or driver’s licenses are retained in an encrypted format. These images are only retrieved and decrypted upon the mutual determination of Login.gov and the partner agency for law enforcement purposes due to suspected fraud.
The IRS requires information surrounding attempts to access an account or verify identity. When accessing IRS systems via Login.gov, this information is sent to the IRS in a way that only the IRS can access it. Login.gov will not retain this unvalidated personal identifiable information beyond 7 days.
We will never share validated personal identifiable information with a partner without your explicit consent, as required by law, or as otherwise stated in these Rules of Use. You may revoke this consent at any time, and we will revoke the partner’s access to the information. The partner may, however, retain this information subject to their data retention policies. The Login.gov service does not collect any information you provide directly to the partner.
Prospective partners and other interested parties can find more information about the partner onboarding process from the Login.gov developer guide.
There are no fees charged to you for registering or using the Login.gov service. There is no fee associated with connecting to our partners, though the partners themselves may charge fees for some of their services, such as making a reservation, purchasing an item, or applying for a service.
10. Representations, Warranties and Liabilities
Disclaimer of Warranties
Login.gov services are provided “as is” and on an “as-available” basis. GSA hereby disclaims all warranties of any kind, express or implied, including without limitation the warranties of merchantability, fitness for a particular purpose, and non-infringement. GSA makes no warranty that the services will be error free or that access thereto will be continuous or uninterrupted.
1. General Representations
You hereby warrant that (1) your use of the website and services will be in strict accordance with the Agreement and all applicable laws and regulations, and (2) your use of the website and services will not infringe or misappropriate the intellectual property rights of any third party.
2. Limitations on Liability
In no event will GSA be liable with respect to any subject matter of this Agreement under any contract, negligence, strict liability or other legal or equitable theory for: (1) any special, incidental, or consequential damages; (2) the cost of procurement of substitute products or services; or (3) for interruption of use or loss or corruption of data.
11. General Provisions
1. Entire Agreement
This Agreement constitutes the entire Agreement between GSA and you concerning the use of the website and services, and may only be modified by the posting of a revised version on this page by GSA.
Any disputes arising out of this Agreement and access to or use of the services shall be governed by federal law.
3. No Waiver of Rights
GSA’s failure to exercise or enforce any right or provision of this Agreement shall not constitute waiver of such right or provision.
4. Contacting Us
If you have questions about these terms or any other aspect of the Login.gov service, you can contact us at https://login.gov/contact.Back to top