INDIANAPOLIS (March 16, 2021) – Two-factor authentication will become mandatory in late April for military members, military retirees and annuitants, and federal civilian employees accessing accounts in the myPay pay management system. 

According to officials with the Defense Finance and Accounting Service, the requirement is part of an effort to assist customers with maintaining the security of their online financial and personal information. The myPay 2-Factor Authentication will send a one-time PIN to an email address or smart device of the customer’s choosing that must be entered during login to access a myPay account.

Customers using smart cards to log into myPay will not have to enter the random 1-time PIN when accessing myPay with their smart card, as their CAC or PIV card provides suitable verification of their identity to the myPay system. Smart card users will still be required to select a preferred method for receiving one-time PINs during login when they need to access myPay while away from their work computers.

Multi-factor (or 2-factor) authentication is rapidly spreading in use across government, educational and commercial online environments as an added protection against online theft and fraud. Criminals seek to obtain information such as bank account numbers, names, addresses and other data they can use to create bogus accounts, request loans or credit cards using stolen identities and even redirect deposits to accounts they can use to extract members’ pay.

myPay’s 2-factor authentication was introduced last year and more than 1.2 million users, including 400 thousand military retirees, have selected their preferred method to receive a one-time PIN for use during login. Once the mandatory requirement becomes effective, users will be presented with entry screens for adding or changing smart phone numbers or email addresses they wish to use.