eServices Portal Users Must Use Multi-Factor Authentication (MFA)
To enhance the security of Medicare data, CMS requires the use of multi-factor authentication (MFA) in eServices. After successfully entering your user name and password, you will be directed to the MFA verification screen where you will need to enter an MFA verification code to complete the login process.
Once on this screen you will be prompted to select a method to receive your MFA code. You may elect to either receive a text (if the mobile phone number was entered on the My Account tab) or an email message. All users will have the option to receive their code via email by default.
How It Works
MFA adds an extra layer of security to your eServices account. You must enter an MFA verification code each time you log into the portal.
1. You will enter your account password as usual.
2. Then, you will select your preferred method of delivery between email or a text message (if you have added a mobile phone number to your account).
3. After you have made your selection you will be sent either a text or email message with an eight digit verification code. Enter the code in the field provided on the verification page. Upon successful validation of the verification code, you will be able to access the portal.
Your verification code can be reused repeatedly for up to 12 hours from the time the code was requested. If you are reusing your verification code, enter the code in the box on the "How do you want to be verified" screen. You may still request a new MFA code at any time. Simply use the "Didn’t get the code" link to begin the request. Once a new MFA code is generated, the previously generated MFA code cannot be used.
Once logged into eServices, you may access the My Account tab to add mobile number information for the additional option to receive your MFA verification code via text message (standard messaging rates may apply).
As you type in the Carrier field, a list of carrier options will display in a list. You must select the carrier that is associated with your mobile number. Failure to select the appropriate carrier will result in undeliverable MFA codes messages. If your carrier is not listed, you will not be eligible to receive the MFA code via test message.
Note: Providers who have linked their accounts will only need to add a mobile phone number for their default account.
If you request an MFA verification code via one method (text or email) and it is not received in a timely manner, you can request to receive the verification via the other method, text message or email. If you are having issues receiving the MFA timely via text, you may want to contact your mobile carrier. |
For step-by-step instructions on authenticating using MFA, please see the eServices User Manual (PDF, 7.85 MB).