Skip to main content
Does your agency have an urgent need related to COVID-19 response efforts?
Contact login.gov partnerships
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

How login.gov keeps personal information private

login.gov encrypts the sensitive personal information of each user separately using a unique value generated from each user’s password. Our encryption method works like a safe deposit box in a bank vault. Only the user has the key. Only the user can open the box to reveal the contents. Only the user knows the password, and only the user can decrypt their information.

The vault

It’s hard to break into the “vault” or database. login.gov implements the latest National Institute of Standards and Technology (NIST) standards for secure authentication and verification. Our plans for ongoing security include regular penetration testing and external security reviews.

The safe deposit box

Individual accounts get a double layer of security. We require two-factor authentication as well as strong passwords that meet new NIST requirements. two-factor authentication requires that you login with your password and a code that we send to your phone.

We will evaluate and implement new authentication methods as they become widely available to make sure that login.gov remains accessible and secure.

Your personal key

Encrypting personal data separately means that login.gov cannot share any sensitive information with other government entities without users’ permission. Not even database administrators can decrypt a user’s personal information without the user’s password.