Pentagon expands secure login access with myAuth rollout

In a sweeping overhaul of digital access across the systems of the Departments of Defense (DOD) and Veterans Affairs (VA), the U.S. government has begun rolling out a new login verification platform called myAuth. This identity-as-a-service platform is set to replace the legacy DS Logon system, a move that will affect more than 20 million users over the next 18 months.

With this transition, the Pentagon aims to streamline secure access to more than 200 websites and services, modernize authentication standards, and reduce the long-standing reliance on physical credentials like the Common Access Card (CAC).

As the transition continues, defense leaders are encouraging users to familiarize themselves with the myAuth platform and complete their registration early. With national security and user privacy increasingly intertwined in the digital era, the successful deployment of myAuth represents a critical milestone in securing not only DOD systems, but the trust of the millions of people who rely on them.

Launched in May, the myAuth system is a cloud-based identity verification solution built on Okta’s commercial authentication technology. It has been customized, rebranded, and securely hosted within a DOD-authorized cloud infrastructure.

Unlike DS Logon, which relied primarily on passwords and username combinations, myAuth incorporates modern multi-factor authentication (MFA) standards. This includes a combination of methods such as facial recognition, fingerprint scanning, one-time passwords sent via SMS or email, and app-based authenticators like Okta Verify or Google Authenticator.

The move represents a significant shift toward aligning the Pentagon’s digital identity posture with the zero-trust principles championed by the Biden administration and reinforced through various federal cybersecurity executive orders and memoranda.

The phased rollout of myAuth began with two of the most widely used platforms: milConnect and ID Card Office Online. Both platforms serve as central hubs for military personnel, civilians, retirees, contractors, and their dependents to access benefits information, update personal data, and manage service-related records.

By July 14, just two months into the migration effort, more than 740,000 users had successfully registered with myAuth, demonstrating a success rate above 99 percent. DOD officials emphasized that early feedback has been overwhelmingly positive and credited the platform’s ease of use and streamlined verification options for the smooth transition.

The decision to retire DS Logon stems from multiple security and logistical challenges. DS Logon had become increasingly outdated in the face of escalating cybersecurity threats and evolving user needs. It lacked flexible authentication options and was cumbersome to use for individuals without a CAC or a CAC-enabled device. myAuth, in contrast, offers a scalable, adaptive solution that provides secure access whether users are at a government workstation or checking in from a personal phone in an airport.

Officials from the Defense Information Systems Agency (DISA), which is overseeing the rollout, highlighted that myAuth reduces friction and improves resilience against identity theft, phishing, and credential compromise.

While CAC cards will remain in use, especially for active-duty personnel and DOD employees accessing classified systems or physical installations, myAuth serves as a much-needed complement to existing infrastructure. It allows the Pentagon to serve a broader user base, including family members, retirees, National Guard members, and contractors, many of whom do not carry a CAC.

Through myAuth, these users can now access DOD and Veterans Affairs systems using secure digital credentials and flexible MFA without requiring specialized hardware.

One of the key advantages of myAuth lies in its adaptive architecture. Recognizing that not all users have access to CAC readers or smartphones capable of biometric authentication, myAuth introduces a “flexible authentication posture” that adjusts based on user capability. Users with limited access to technology can still log in securely using email or SMS-based MFA, while those with more advanced devices can opt into higher-tier methods like facial or fingerprint verification. This approach broadens access and promotes inclusivity without compromising security.

The migration process for existing DS Logon users has been designed to be as seamless as possible, the Pentagon says. Users who already have a DS Logon account can migrate to myAuth by verifying their identity through their existing credentials. Once their identity is confirmed, they are prompted to select their preferred multi-factor authentication methods and complete the setup.

For users who lack a DS Logon account but need access to DOD services, such as new military spouses or recently separated service members, a one-time identity proofing process is required. This includes verifying personal details through authoritative data sources followed by myAuth registration.

Users who delay transitioning from DS Logon may eventually face temporary disruptions in accessing their benefits and services, DOD said, noting that as it phases out the legacy system, users who attempt to log in without a valid myAuth account will be prompted to verify their identity through the new system.

While the transition period is expected to last up to 18 months, Pentagon officials are urging all users to act proactively to avoid service interruptions. The Defense Manpower Data Center is working in tandem with the Defense Health Agency and other stakeholders to notify users of the upcoming changes through email alerts, login banners, and social media outreach. Resources are also being made available to assist with the transition, including a helpdesk, tutorials, and detailed guides.

The introduction of myAuth also brings long-term operational and fiscal benefits to the Department of Defense. Rather than maintaining multiple fragmented authentication systems across dozens of agencies and departments, myAuth offers a centralized, enterprise-wide solution.

This consolidation is expected to reduce maintenance costs, improve auditability, and support cybersecurity compliance mandates under frameworks such as the Federal Identity, Credential, and Access Management (FICAM) guidelines and Executive Order 14028 on improving the nation’s cybersecurity. FICAM guidelines provide a framework for federal agencies to manage and secure access to their IT resources.

Beyond improving individual access, myAuth positions the Pentagon to better respond to threats in an increasingly digital battlespace. By strengthening user identity verification, the system supports broader zero-trust security architecture goals, where trust is never assumed and every access request must be continuously validated. This is especially critical in an environment where cyber adversaries routinely target personnel systems, military family portals, and benefits platforms to gather intelligence or conduct fraud.

According to defense cybersecurity experts, the modern threat landscape requires systems like myAuth that are built for resilience, scalability, and rapid adaptation to emerging threats. Sean Frazier, Okta’s federal chief security officer, said last month that, “Identity has always been a very important security construct. You really can’t start securing something until somebody tries to log in to get access to data.”

The launch of myAuth signals a broader shift in how the federal government approaches digital identity. While private sector users have long had access to MFA and identity-as-a-service platforms, many government systems have remained dependent on outdated login tools or expensive physical tokens. By investing in a government-secured commercial platform, the Pentagon is demonstrating a willingness to modernize infrastructure in a way that balances security, usability, and cost-effectiveness.

Looking ahead, officials plan to integrate myAuth with even more DOD and VA platforms, replacing DS Logon entirely by late 2026. As part of that effort, additional services such as the Defense Travel System, Tricare Online, and the VA’s eBenefits portal are expected to adopt myAuth over the coming months. These integrations will expand the reach of secure, passwordless access to millions of users while allowing the government to more efficiently manage digital identities at scale.

Article Topics

cybersecurity  |  Department of Defense  |  digital identity  |  identity verification  |  military  |  multifactor authentication  |  myAuth  |  Okta  |  U.S. Government