Russia’s government has formally approved a policy to require an extra verification step when users log in to the government services portal. The announcement came through the official channels via TASS, which cited the relevant order outlining the changes. This shift marks a significant change in how citizens access public digital services and how their personal information is guarded as they navigate state portals.
Under the new rules, access to the portal will go beyond the traditional username and password. In addition to those credentials, users will be asked to confirm their identity with a one time SMS code, a code generated by a dedicated authentication app, or biometric data such as fingerprints or facial recognition. This multi layer approach is designed to create a stronger barrier against unauthorized access and to reduce the risk of password based fraud, phishing, and other common attack vectors that target user accounts.
The authorities also clarified that a one time login without two factor authentication remains possible, but only for a single session. After that initial access, the system will enforce the additional verification methods for subsequent logins, reinforcing protection for sensitive government data and personal records stored on the portal. This plan aligns with broader efforts to modernize public sector digital services while keeping pace with evolving security standards and user expectations.
From October 1 onward, two factor authentication becomes mandatory for new users and for accounts that are being restored. This means that individuals who are creating a new account or recovering access will immediately encounter the extra step, and existing users may be prompted to enroll in the second factor mechanism during maintenance windows or upcoming login activities. The intention behind the timing is to balance a smooth transition with the imperative to shield user information from potential breaches, especially as cyber threats continue to evolve.
Anton Nemkin, a member of the State Duma Committee on Information Policy, Information Technologies and Communications, emphasized the security rationale behind this shift. He noted that two factor authentication in civil services requires more than a password. By adding a code delivered via SMS, or a code produced by a secure application, or biometric verification, the system restricts access to those who truly possess the necessary verification factor. The net effect, according to the official, is to substantially reduce the probability that fraudsters could impersonate legitimate users and gain entry to confidential records held on public service platforms. This framing underscores the government’s commitment to safeguarding citizen data while continuing to provide convenient digital access to essential services.
In discussions around this topic, experts have pointed to the two factor approach as a practical measure that complements server side protections, fraud detection analytics, and robust identity verification workflows. The shift is framed not as a retreat from digital accessibility but as a strengthened mechanism that helps ensure that citizens can interact with public services securely and with confidence. The public services portal, used by millions of residents, stands to benefit from clearer authentication signals, less interruption due to credential compromise, and a more resilient reputation for government digital offerings.
Looking ahead, users should prepare for the new login experience by checking whether their contact details are up to date for SMS codes, ensuring their authenticator apps are installed and synchronized, or enrolling biometric options where supported by their devices. If a user encounters issues during enrollment or login, official channels typically provide guided steps to reattempt verification or recover access, with an emphasis on maintaining privacy and safeguarding personal data. As with any security update, the goal is to strike a balance between user convenience and stronger protection, so that everyday interactions with public digital services remain both straightforward and trustworthy.