myAuth FAQs

myAuth is a new, multi-factor authentication application supported by DMDC to provide enhanced protection of your data. It is currently being piloted on a limited basis. myAuth utilizes high levels of security to create a safe and convenient sign-on.

milConnect and IDCO are the only partners able to utilize myAuth authentication during the pilot phase. More applications will be added in future phases, and you will be able to access all your regular DoD applications with one sign-in through your myAuth account. You can still use your DS Logon account to access applications that are not using myAuth yet.

myAuth is set up for the use of CACs, but not other types of PIV cards, in the pilot phase. Additional PIV functionality is expected to be added in a later phase. If you do not have a CAC, you can create a username and password to log in to myAuth.

For your protection, myAuth will not sign you in if your username is entered incorrectly, or your security methods are entered incorrectly. You can click Back to sign in on any of the login screens to return to the initial screen. Try logging in again:

• Double-check that you entered your username correctly. Your username is included in the myAuth welcome email.
• Ensure that your password is entered correctly. You can click the'eye' icon to display the password characters and ensure that it is correct.
• For your security, if you fail authentication too many times, your account will be locked. You can follow the directions on the screen to unlock your account.

For your protection, your session will end after a period of inactivity. If you are getting logged out of the system frequently, confirm that you are not connecting with a commercial (non-DoD/non-DMDC) VPN. It is recommended to not use commercial VPNs to access myAuth.

For your security, accounts are automatically deactivated after 180 days of inactivity. To access myAuth, you can create a new account (see Creating a New myAuth Account).

Your myAuth username is same as the email address that you entered when setting up your myAuth account. Check your email, including trash and spam or junk mail folders, for an email with the subject line “Welcome to myAuth.” Your username is included in the email. If you no longer have the email, you can create a new account (see Creating a New myAuth Account).

Users with a DS Logon account have already completed the identity verification process. myAuth is set up so that new users can quickly and easily verify their identity through DS Logon and create a myAuth account without repeating the process.

View a detailed walkthrough of the remote proofing process (see DS Logon Remote Identity Proofing) and Remote Proofing FAQs for additional information.

Some users will not be able to verify their identity remotely due to their devices or a lack of credit history. For those users, in-person proofing at a RAPIDS office is the best option. Contact a RAPIDS office to confirm what will be required (typically two [2] forms of ID). 

Logging in from the regular DS Logon page will not connect you to myAuth. Go to the myAuth website to connect your DS Logon identity verification. Log into DS Logon as you normally would. When you are authenticated, you should see a myAuth screen that prompts you to enter your email. If you see your DS Logon dashboard instead, try closing your browser and pasting the myAuth website link (https://myaccess.dmdc.osd.mil/identitymanagement/api/auth/myauth) into a new tab.

For security purposes, DS Logon accounts may be deactivated, suspended, or locked. Depending on the error message you see, try the following:

• Deactivated: Accounts that have not been used in 180 days are automatically deactivated to prevent unauthorized access. You will see Error Code 5 when you try to log in.
  1. On the myAuth login page, click Create New DS Logon Account, and complete the identity verification process (see Creating a New DS Logon Account and the DS Logon FAQs for additional information).
  2. Once you have authenticated, you will automatically be directed to the myAuth account process.
• Suspended: An account can be suspended due to incorrect password attempts. You will see Error Code 8 when you try to log in.
  1. Click Unsuspend my Account in the error message.
  2. Enter your PII to confirm your identity.
  3. Answer the challenge questions correctly.  
  4. Change your password.
  5. Update your challenge questions.
  6. Click Continue.
  7. Create a new myAuth account and connect your DS Logon identity verification (see Creating a New myAuth Account).
• Locked: DS Logon accounts can be locked to protect user security, including unusual activity.
  1. Contact the DMDC CCC to request instructions on how to have your account unlocked.
  2. You may be asked to contact the VA if the CCC is unable to remove a lock placed by the VA. The CCC will provide you with the necessary information.

Yes. If you choose to use your DEERS email address as your myAuth email address, all myAuth notifications will be sent to this email. Please note that myAuth requires a unique email address for all accounts; email addresses shared between family members will not work for multiple myAuth accounts.

Yes. If you use an email address for myAuth that is different than your DEERS official email address, you will receive myAuth notifications at that address. DMDC will continue to send benefits-related information to your official DEERS email address.

If you started to create a myAuth account but did not complete the process, your email username is already set up. The account creation process may not have been completed, or another person, such as a family member, may have created an account using the email address.

1. Check your email. Look in the trash and spam or junk mail folders for an email titled “Welcome to myAuth.” That email has a link that will let you complete the process.
2. If you share your email address with anyone else, like a child or a spouse, check to see if they already used the email address to create their own myAuth account. You may need to use a different email to create your own account.

Yes, for the purpose of one-time account creation. Once you have created your myAuth account and set up Smart Card Authentication, you will be able to log in using just your CAC.

Having a username and password also allows you to maintain access to your myAuth account after separation of service or when you do not have access to a CAC reader.

• Emails typically take less than one (1) minute to arrive. Occasionally, emails will take up to 20 minutes to arrive.
• Check your trash and spam or junk mail folders. The subject line will read “Welcome to myAuth.”
• It is possible that the email address had an error or typo. Follow the instructions to create a new myAuth account using your DS Logon (see Verify Your Identity with DS Logon). After you are authenticated, you will be asked to enter an email address. Enter your email address and the myAuth email will be sent to you. If you receive an error message that there is already an account with that email, see the "I see an error that says there might already be an account with my email. What can I do?” FAQ above.
  • If you share the email account with anyone, such as a spouse, check if they already created an account with your shared email. If they did, you can create an account with the same process using a different email address.
• This email is valid for seven (7) days. If it has been longer than (7) days, please contact the CCC to have the welcome email resent.

If your dependent already has a DS Logon account, they can use it to create a myAuth account. If your dependent does not have a DS Logon account, you can start the DS Logon registration process (see Creating a New DS Logon Account and the "Can I create an account for my dependent?" DS Logon FAQ).

Yes, myAuth is designed to be safe and secure to protect your information. myAuth uses the latest industry standard fraud detection and prevention tools. Consequently, to protect your identity and information, myAuth may require you to log in with more secure methods if it determines that your log in request is at a higher risk of being fraudulent.

Maintaining the privacy of your personal data is a shared priority for you and myAuth. For the security of your information, myAuth requires additional security methods to protect your account.

In addition to providing your username and password, you will be required to provide a second security method, such as a code or push notification using the Okta Verify app, or OTP via email. The extra step keeps your information secure while giving you SSO access to various apps.

Having additional security methods in place helps you recover your account if your password is forgotten or stolen.

From the app store on your device, search for Okta Verify.

• Choose Okta Verify and NOT Okta Mobile or Okta Personal.

If you are not able to scan the QR code to set up Okta Verify, you can click Can’t Scan under the QR code. You will be given the option to set up Okta Verify with email. Select Email me a setup link and click Next. You will receive an email with a link. Click the Activate Okta Verify Push link. See Authenticating Using Security Methods for additional information.

If you have face or fingerprint recognition (such as Face ID) set up with Okta Verify on your device, Okta Verify will cloak the numbers until you successfully complete the face or fingerprint verification. Once your phone has completed the check, the numbers will be displayed.

It is possible Okta Verify might not be set up correctly on your device. You can remove Okta Verify from your security methods and try setting it up again (see Removing Security Methods). You can log in using Email OTP and password for your security methods. Click Verify with something else if they are not presented as options.

Yes. If you did not choose to set up Face ID during the Okta Verify setup, you can add it later. Open the Okta Verify app and click on the myAuth account. You will be directed to the Account Details screen.

Under Security, you can toggle Face ID or Passcode Confirmation on. You will need to verify your identity to complete the setup. The Okta Verify app will present a code that you will enter on the following myAuth screen to complete the setup.

You can use the Email OTP security method (see Authenticate with Email OTP) to log in and change your security methods. In your Settings, you can add Okta Verify to a new device (see Adding a Security Method) any time you are logged into myAuth. You can also remove Okta Verify (see Removing Security Methods) from your myAuth security methods completely or just from selected devices if you no longer have access to that device.

Okta FastPass is part of the Okta Verify app and allows passwordless authentication. You automatically have access to FastPass once you download the Okta Verify app and enroll your myAuth account. You must have the Okta Verify app installed on the device you are using to log in for FastPass to work. The Face ID or Passcode Verification setting must be enabled in the Okta Verify app for passwordless authentication to work. Users logging in with FastPass without Face ID or Passcode Verification enabled will still need to enter a password to authenticate (see Login with Okta FastPass).

Your username is the same as the email you entered during account creation. Users can change their primary email address (the address that will receive notifications from myAuth) without affecting the username. Users cannot change their username at this time.

Users are required to update their password every 60 days. You can change your password in the myAuth dashboard. See Updating Your Password for instructions.

Yes. Changing your email address will not change your username at this time. Any notifications from myAuth will go to the primary email address on file. See Updating Your Email for instructions.

If you see activity that you do not recognize, it is recommended you immediately update your password (see Updating Your Password for instructions). Review your security methods and make sure that they are up to date. If you suspect fraudulent activity, you can verify that your contact information (such as phone number and email addresses) have not changed.

You can also click Sign out in the End All Sessions box in your Settings. This will log your account out of any open sessions across any devices, including your current session, that have accessed your account.

myAuth will send automated emails regarding account actions that you have taken that could affect your account access (such as when you change your email or update your password). Any time you receive an email with activity that you do not recognize, you can secure your account by logging in, clicking on your name in the top right corner, and going to Settings. You can take the following actions:

• Update your password
• Make sure your contact information is accurate
• Review your security methods to make sure they are up to date

If you receive a suspicious message or call, do not respond. Verify the contact information of the organization and contact them directly.

Never give out your password or personal information to unsolicited messages or calls.

Remember that DoD, DMDC, and myAuth will never:

• Call to ask you to respond to a text or for your password
• Contact you to take control of your computer

Your account will be locked after too many failed sign-in attempts. Any time this happens, you will receive an email. Click the Unlock Account button in the email. You will be prompted to enter security methods and unlock the account. None of your information or applications will be changed while your account is locked.

To recover an account that has been hacked or hijacked, please call the DMDC CCC. After confirming your identity, an operator will be able to help you close out the compromised account and create a new account.

Your account may be in "Suspended" status. Please call the DMDC CCC. After confirming your identity, an operator will be able to help you.