Enabling Multifactor Authentication (MFA) on Your FEMA SID Account
Multifactor Authentication (MFA) for your FEMA SID account will be required beginning March 26, 2025. Once MFA has been enabled, you will be required to choose and set up your preferred MFA method the first time you log in using your FEMA SID number and password.
When instructed to select your preferred MFA method, you will need to select “Authenticator App” (recommended) or “Email” to continue with enrollment. Once you have selected your desired method, click the “Continue” button. If you plan to use the “Authenticator App” option, we recommend that you download the suggested Microsoft Authenticator app (or other authenticator app of your choice) prior to beginning this process. You can download the Microsoft Authenticator App from one of the following applicable links:
- App Store (Apple): https://apps.apple.com/us/app/microsoft-authenticator/id983156458
- Google Play: https://play.google.com/store/apps/details?id=com.azure.authenticator
Authenticator App Method
- Select “Authenticator App” and click “Continue.”
- If you have not downloaded and installed the Authenticator App, you can use one of the appropriate links above to do it now.
- Open your authenticator app and click the “+” icon to add your account.
- Scan the QR code on your computer/device (do not scan the example QR code) with your phone or choose the “Still having trouble?” option.
- If you scanned the QR code with your phone, click “Continue” to enter the provided 6-digit code and click the “Verify” button.
- If you cannot scan the QR phone with your phone, choose the “Still having trouble?” option.
- Capture the “Account Name” and “Secret.”
- Return to your Authenticator app and enter the “Account Name” and “Secret.”
- The account will be added to your Authenticator App, and you will receive your 6-digit code to authenticate.
- Enter the provided 6-digit code and click the “Verify” button.
- If you do not clear the cookies in your internet browser, you will be authenticated on that device for 21 days. During this time, you will be able to log in to that device with only your FEMA SID number and password.
Email Method
- If you choose the “Email” option, the “Work Email” on your FEMA SID account will be used for authentication. If you no longer have access to that email address, you will need to contact the FEMA SID Help Desk (femasidhelp@cdpemail.dhs.gov) to update the “Work Email” on your FEMA SID account.
- To successfully authenticate, you must retrieve and enter the verification code from this email address quickly before it expires.
- Select “Email” and click the “Continue” button.
- Click the “Send verification code” button.
- Check your email for the verification code email. Enter the verification code from the email in the “Verification code” box and click the “Verify code” button.
- Click the “Continue” button to authenticate.
- If you do not clear the cookies in your internet browser, you will be authenticated on that device for 21 days. During this time, you will be able to log in to that device with only your FEMA SID number and password.
Multifactor Authentication FAQ
What is Multifactor Authentication (MFA)?
Multifactor Authentication requires two different factors of identity to log/sign in to your web/online/mobile service account:
- Your username/user id and password combination
- A one-time security code sent via your preferred contact method (authenticator app or email).
Why is MFA required to log in to FEMA SID and CTAS?
MFA is a Federal Government IT security mandate for all Federal Government web applications and systems.
What is the purpose of MFA?
The goal of MFA is to create a layered defense that makes it more difficult for an unauthorized person to access another person’s user account, computing device, network or other IT applications/systems. MFA enhances and increases security by requiring users to identify themselves by more than a username and password. Enforcing the use of MFA increases confidence that your account will stay safe from cyber criminals. It is an essential security measure to help protect users from the threat of cyberattacks. MFA creates a more difficult environment for hackers to attack.
How often do I have to authenticate?
You will be prompted initially after you select your preferred MFA method to authenticate and will remain authenticated for 21 days on that specific device if you do not clear the cookies in your internet browser. During this time, you will be able to log in with only your FEMA SID number and password on that specific device. Your first attempt to log in on a different device will require you to go through the MFA process on that device.
What MFA verification methods can I use?
Authenticator App and Email are currently the only MFA verification methods available. Text messaging and PIV-card verification methods are currently unavailable.
Why can’t I use text messaging or my PIV-card for MFA verification?
Unfortunately text messaging and PIV-card log in are not currently available for MFA verification methods.
How do I change my preferred MFA method?
You must contact the FEMA SID Help Desk at femasidhelp@cdpemail.dhs.gov to request to reset your preferred MFA method.
Why can’t I change my email address with the Email method?
If you choose the “Email” option, the “Work Email” on your FEMA SID account will automatically be used for authentication. If you no longer have access to that email address, you will need to contact the FEMA SID Help Desk at femasidhelp@cdpemail.dhs.gov to request to update the “Work Email” on your FEMA SID account.
What Authenticator App can I use?
It is suggested to use the Microsoft Authenticator App or any Authenticator App of your choice. It is recommended to download the suggested Microsoft Authenticator app (or other Authenticator App of your choice) prior to beginning this process. You can download the suggested Microsoft Authenticator App from one of the following applicable links: