Skip to main content

Activate Multi-Factor Authentication (MFA) for Your RDS Secure Website Account Now

On Friday night, August 16, 2019, CMS' RDS Center will implement a Multi-Factor Authentication (MFA) login requirement to access the RDS Secure Website, mandated by updated Federal security policy requirements. The RDS Secure Website will require all users to enter a time-sensitive unique MFA token to access the RDS Secure Website, in addition to their RDS Login ID and Password. In preparation for this requirement, each RDS Secure Website account must first have MFA activated prior to this time.

Multi-Factor Authentication (MFA), also known as two-step or two-factor authentication, is a security enhancement that allows you to provide two pieces of evidence, or "factors", to confirm your identity when logging in to your RDS Secure Website account. These credentials fall into two categories: something you know (i.e., your Login ID and Password) and something you have (i.e., your personal device). MFA helps protect you, your organization, and your retirees by adding an additional layer of security to your account, making it harder for someone else to log in as if they were you.

CMS' RDS Center has implemented Google Authenticator as the independent token generation software for the RDS Secure Website. Google Authenticator is a free application that is available for download to an iOS or Android device.

When MFA is adopted, CMS' RDS Center will also be implementing a one-time access token that can be sent to you via email or text (SMS) message in the event that your RDS MFA device is lost, damaged, or not working, and you are unable to reset your MFA configuration and need immediate access to the RDS Secure Website. Consequently, you will be prompted to provide a text-enabled device number to CMS' RDS Center during the MFA Activation process. Providing a text-enabled device number is optional. However, if you do not register a text-enabled device with your RDS user account, a one-time token cannot be provided to you via text (SMS) message. The one-time token feature is visible within the Secure Website but is inactive until Friday night, August 16, 2019, when MFA is required to log in.

In preparation for this new security initiative, the RDS Program Website and RDS Secure Website have been modified to allow all registered users to activate MFA for their user accounts now, before it will be required to log into the site.

Activate Multi-Factor Authentication (MFA) for your RDS Secure Website account now by clicking here: Activate MFA.


  • MFA may only be activated on one device at a time per user account.
  • You must have completed Registration and have received the user account confirmation email before activating MFA.
  • Activation only needs to be completed once for each new Secure Website account, unless you are setting up a new device or you need to reset your current MFA configuration.
  • Once MFA is activated for your account, it may be modified if needed. Refer to MFA Reset Instructions for guidance.
  • Individuals are responsible for maintaining and protecting their RDS Secure Website account access. It is a violation of Federal law to share or transfer user accounts or Login and Password information. Do not share the QR code, Secret Key, Google Authenticator token, one-time token or any other account information with anyone. Activate your MFA configuration with your own personal device, not the device of another person.

Please review the additional important information, including step-by-step instructions, in the new RDS User Guide section Multi-Factor Authentication.

Watch a short step-by-step video on how to activate your Multi-Factor Authentication.

Note: Current users will notice that the MFA pages within the Secure Website have a modernized look and flow to them. These pages have been updated to include a Help link, identified by a question mark button located in the upper right corner of the page. These Help links will take the user to the specific section of the RDS User Guide that offers guidance on that particular page and process. CMS’ RDS Center intends to add Help links to additional Secure Website pages in the future.

If you need more information, please contact CMS' RDS Center.

Page last updated: