Two-factor authentication for the Government Services portal became mandatory in mid-2023, a move the government framed as a critical upgrade to digital security. Officials pointed to statements from Maksut Shadayev, head of the Ministry of Digital Development, Communications and Mass Media, underscoring that usernames and passwords alone are no longer enough to access Gosuslugi.
The explanation from policymakers centered on adding a second verification factor to shield accounts that rely on simple passwords, which are more vulnerable to cyber threats. The plan outlined a phased transition in which users would receive a verification code via SMS or another secure method as the second factor. The rollout began earlier in the year, with full mandatory use anticipated by the summer, tightening security for all Gosuslug users.
Shadayev stressed that this additional layer of verification would counter common attack methods such as credential stuffing and phishing, contributing to a more resilient digital public service experience. The overarching aim remains to bolster trust in online government services by lowering the risk of unauthorized access to citizen accounts and sensitive information.
In related policy developments, the Ministry has previously announced guidelines for online voting in certain government programs and local associations, reflecting ongoing efforts to weave secure digital processes into public service platforms. Stakeholders were advised to prepare for these enhancements as part of a wider modernization agenda [Citation: Ministry of Digital Development].