Our security practices
MyMassGov uses a variety of authentication methods to protect your data and ensure the service remains available to all users. These methods include monitoring and recording network traffic (any data going in and out of MyMassGov) to identify unauthorized attempts to change information or otherwise cause damage.
Unauthorized access or use of MyMassGov (e.g. for criminal purposes or to cause damage) is against the law and may subject you to criminal prosecution and penalties.
Multifactor authentication
Multifactor authentication is a secure method of verifying whether a user attempting to log in with an email address and password is, in fact, the owner of the account. Upon account creation, users choose how they would like to receive an MFA verification code, which can be sent to an authentication app on their smartphone, texted to them, or shared via a phone call. When you log in, you may be asked to provide this code in addition to your email and password, ensuring that only someone with your phone can log into your account.
There are multiple ways to set up MFA. If you don't have an authentication app, you can choose to have your one-time verification code sent to you via text message or phone call instead.
If you don't have a smartphone, authentication apps are the most secure MFA method, so we highly recommend downloading one. Read more about how to set up MFA authentication.
If you don't have a smartphone, you can receive your one-time verification code via text message or phone call if you do not have a smartphone. See step-by-step instructions for setting up MFA.
Security policies
MyMassGov follows all security policies and standards set by the Executive Office of Technology Services and Security. You can read those policies and standards here.
You can also read about how we protect your privacy in the Mass.gov Privacy Policy.
Vulnerability management standard
View our Vulnerability Management Standard for details and how to report discovered vulnerabilities.