The National Science Foundation (NSF) is implementing the mandatory use of multifactor authentication (MFA) for Research.gov sign-in, effective on Sunday, Oct. 27, 2024, according to a Dear Colleague Letter (NSF 25-011). All users must first complete a one-time process that will be available starting on Oct. 27 to enroll in a phishing-resistant MFA method and then use MFA to sign into Research.gov going forward. While regular MFA adds an extra layer of security, phishing-resistant MFA is specifically intended to withstand phishing attacks by using authentication methods like a fingerprint or a security key that are harder for bad actors to exploit.
Training resources: To help the research community quickly learn how to use the new MFA method, training resources, including how-to guides and frequently asked questions (FAQs) will be available on the new About Signing Into Research.gov page on Research.gov Help on Oct. 27.