About Signing into Research.gov

GETTING STARTED

In order to sign into Research.gov, you must register for an NSF account. Refer to the link here if you need to register for an NSF account. You can sign into Research.gov using one of the following three options:

MULTIFACTOR AUTHENTICATION

Effective on October 27, 2024, NSF implemented multifactor authentication (MFA) for Research.gov as part of an ongoing commitment to enhancing security and safeguarding NSF's IT systems, user accounts, personal and scientific data, and the integrity of the merit review process. This extra step protects both the research community and NSF. See Dear Colleague Letter (NSF 25-011) for details. View the MFA Options Overview.

Sign in using your NSF Account Credentials 

Sign into Research.gov account with your NSF ID + password or Primary Email address + password. If you access Research.gov using NSF credentials, you must set up MFA in Research.gov to sign in.

The MFA options that will display and will be available to select will depend on what role you have in Research.gov. If you have a financial or administrative role, you must use a phishing-resistant MFA method. If you have other roles such as Principal Investigator or Reviewer which do not have financial or administrative privileges, you can select an MFA or phishing-resistant MFA method; however, NSF strongly recommends that all users choose a phishing-resistant MFA. NSF urges you to also set up a secondary MFA method in case your primary MFA method is unavailable (e.g., you do not have their mobile phone with you).

How do I set up MFA on Research.gov? 

Follow the step-by-step instructions in the how-to guide linked below for each MFA method. View the Frequently Asked Questions for additional guidance.

What MFA security methods are available? 

Depending on your role in Research.gov, there are Google Authenticator and Okta Verify MFA options and Security Key and Biometric phishing-resistant options. The following table shows the roles and corresponding MFA options.

 User RoleMFA Options Set Up in Research.gov
Phishing- resistant MFAUsers with Administrative and Financial Roles:
  • Passkey
  • PIN
  • Fingerprint (biometric)
  • Facial recognition (biometric)
  • Security Key
  • Administrator
  • Awardee Preparer
  • Awardee Certifier
  • Awardee Financial Representative
  • Proposed Postdoctoral Fellow
  • Authorized Organizational Representative (AOR)
  • Sponsored Projects Officer (SPO)
  • Foreign Financial Disclosure Report (FFDR) Preparer
  • View Only (View Reports)
MFAOther Users
  • Google Authenticator
  • Okta Verify
  • Principal Investigator (PI) or co-Principal Investigator (co-PI)
  • Other Authorized User (OAU)
  • Reviewers (includes ad hoc reviewers, panelists, and other meeting participants)
  • Graduate Research Fellowship Program (GRFP) Applicant
  • GRFP Fellow
  • GRFP Coordinating Official (CO)
  • GRFP Alternate Coordinating Official (Alt. CO)
  • GRFP Financial Official (FO) 
  • Users without roles including newly registered users, reference letter writers, and Education & Training Application (ETAP) participants

Refer to the table below to determine the device and operating system requirements needed for each MFA security method in Research.gov:

 Requirements 
 Security MethodsHow to GuidesVideo TutorialsPhysical DevicesOperating SystemInstallationAllows Sign-in from Multiple Devices?
Phishing- resistant MFAPassKeyi  PassKey TutorialMobile device (smartphone or tablet)
  • Windows 10/11
  • Mac 12/13/14
 Yes
PINi  PIN Setup TutorialWindows computer with Windows Hello for Business + PIN 
(PIN option not available on MAC computers)
  • Windows 10/11
 No
Fingerprinti  Fingerprint Scanning TutorialWindows or Mac computer with Windows Hello for Business + Fingerprint reader
  • Windows 10/11
  • Mac 12/13/14
 No
Facial Recognitioni  Facial Recognition TutorialWindows computer with Windows Hello for Business + Built-in Camera 
(Facial recognition option not available on MAC computers)
  • Windows 10/11
 No
Security Keyi  Security Key TutorialWindows or Mac computer with FIDO2 token (e.g., YubiKey)
  • Windows 10/11
  • Mac 12/13/14
 Yes
MFAGoogle Authenticatori  Google Authenticator TutorialMobile device (smartphone or tablet)
  • Android 10+
  • iOS 16/17
Google Authenticator appYes
Okta Verifyi  Okta Verify TutorialMobile device (smartphone or tablet)
  • Android 10+
  • iOS 16/17
Okta Verify appYes

Sign in using your Organization Credentials (InCommon Federation Organizations Only) 

InCommon is a non-profit organization offering services in federated identity management to its members – institutions of higher education, federal agencies, research organizations, and corporations with affiliations with higher education in the United States and abroad that provides services to member institutions and reaches more than 4.5 million end users. The NSF Identity and Access Management platform trusts the universities and organizations as identity providers when they are members of the InCommon Federation network. All trusted Identity providers with whom NSF integrates are listed on the Research.gov Sign In page using the dropdown. You can select your organization from the dropdown and use your organization-issued credentials to sign into Research.gov.

InCommon Federation users can continue to use their organization-issued credentials to sign into Research.gov on or after October 27, 2024, if the participating organization requires MFA for systems access.

Sign in using Login.gov

NSF enabled Login.gov as a Research.gov sign-in option in 2022. Users can continue using Login.gov on or after October 27, 2024, to sign into Research.gov if a phishing-resistant MFA is used. The phishing-resistant options are face or touch unlock and security keys. See https://www.login.gov/help/get-started/authentication-methods/ for details.

MFA Security Method Management 

If you wish to update your Research.gov MFA security method, follow the steps below:

  • Navigate to My Profile after signing into Research.gov
  • Click on Change Password or Security Methods
  • Click on Manage security methods
  • From that page, you can remove or set up additional security methods.
  • You will be prompted to use your second factor for verification before you can update your security methods. 

Password Management

NSF account holders can reset their passwords themselves in Research.gov. The Password Reset Guide provides guidance on resetting your password or recovering your account if a password has been forgotten. Passwords for users with financial or administrative roles expire every 60 days and must be reset.

Password Reset Guide 

Password Requirements 

  • Minimum length: 8 characters
  • At least one lowercase letter
  • At least one uppercase letter
  • At least one number (0-9)
  • At least one of the permitted symbol (!@#$%^&*)
  • Does not contain part of username
  • Does not contain first name
  • Does not contain last name
  • Cannot reuse last 5 passwords

Helpful Links

Quick Reference Guide 

FAQs

MFA Options Overview

How Ad Hoc Reviewers Access Assigned Proposals for Review