Multi-Factor Authentication Help

How to Use Multi-Factor Authentication for the NPDB
This video provides an overview of and instructions on how to use MFA to sign in to your NPDB user account.
Watch the Video (3:10)The NPDB is moving to a system to require multi-factor authentication, or MFA, for all user accounts. MFA requires something you know, such as password, and something you have, like a mobile phone, for authentication. It is a more secure method, so frequent password changes are not necessary. MFA will be required to access all NPDB user accounts in the future. The Department of Health and Human Services' External User Management System, or XMS, administers MFA for the NPDB.
How do I enable MFA for my account?
- On the Sign In To Your User Account page, select Sign in with a DBID and User ID.
- On the Select an Option page, select Update User Account.
- At the bottom of the User Account Information page, select Select an MFA service.
Note: For accounts with the QRXS role, you will need to first create a separate QRXS password. - Create an account with ID.me.
- If you have a PIV card or CAC, skip this step.
- If you already have an ID.me account, you can link it to the NPDB.
- Follow the instructions to link your account through your MFA service.
Q&As
- What is MFA?
Multi-factor authentication (MFA) is an authentication method that requires users to provide two or more verification factors to gain access to a resource such as an application, online account, or a VPN. MFA is a core component of a strong identity and access management policy.
MFA requires something you know, such as a password, and something you have, like a mobile phone, for authentication. It is a more secure login method, so frequent password changes are not necessary.
- What is ID.me Exit Image
?
ID.me is a sign-in service operated by a trusted technology provider. The ID.me secure digital identity network has 100 million members with over 70,000 individuals joining daily, as well as partnerships with 31 states, multiple federal agencies, and over 500 name brand retailers.
- Should I use my existing ID.me account to enable MFA with the NPDB?
Yes. You should link your existing ID.me account to your NPDB account.
- Can I create a separate ID.me account if I already have one?
No. You can only have one ID.me account.
- Should I use my NPDB account email for my ID.me account?
You may use any email address for your ID.me account. You may also add a secondary email Exit Imagein case you lose access to your primary email.
- What if I use a credentialing software (QRXS) to access the NPDB?
To use MFA, you will need to create a separate QRXS password for your data transmissions. The QRXS password expires every 180 days. You will only use MFA to sign in to your account through the NPDB website.
- How do I know if my NPDB account is linked to use MFA?
You will see a confirmation message on your Update User Account page when your account is linked. When you go to the NPDB sign in page, you must sign in with your MFA account.
- Will I still be able to use my NPDB user ID and password to sign in?
Once you enable MFA, you will no longer need your DBID, user ID, or NPDB password to sign in.
- Do I have to change my NPDB password if my account is linked to use MFA?
No, once you have enabled MFA, you will no longer have an NPDB password.
- I received an XMS-3208: User Management Error when I sign in with my ID.me account. What should I do?
The 3208 error may be an indicator that you have created an account with XMS through a different MFA service. Use this help article Exit Imageto add ID.me to your profile. If you continue to receive an error when logging in with MFA, please contact us.