Over the next 18 months, the Defense Department will replace the legacy DS Logon system, which authenticates users onto more than 200 DOD and Veterans Affairs websites, with a more modern and flexible system called myAuth.
The new authentication system offers a range of features that will simplify the login process for approximately 20 million individuals who use it, including military personnel, DOD civilians, military and civilian retirees, family member beneficiaries, contractors and vendors.
The myAuth system is based on a commercial product, rebranded for the Defense Department, which provides cloud-based "identity as a service" capabilities to the department. It is hosted on a secure DOD cloud and has been authorized by the Defense Information Systems Agency, said Zachary R. Gill, the branch chief of identity credential access management and partner services within the Defense Manpower Data Center.
Gill said one of the significant advantages of myAuth is that it provides secure access for individuals, such as retirees and beneficiaries, who may not have a common access card and cannot authenticate into a system using certificates contained within a CAC. However, the system also provides access options for individuals who have a CAC but may not be able to utilize it in certain circumstances.
For example, he presented a scenario in which a soldier or civilian employee might be traveling on orders booked through the Defense Travel System. At the airport, problems with the airline may mean the orders need to be changed, but since the traveler does not have access to a CAC-enabled computer, this poses a challenge.
"With myAuth, you would be able to provide an alternative credential, and therefore, you'd be able to access DTS from your personal cellphone and update your travel orders or make changes," Gill said.
He added that a CAC will no longer be the only way to access systems. Other methods, on a case-by-case basis, will provide the user with a variety of login options.
The myAuth utilizes Okta Verify, which can be installed on a personal or government-issued cellphone and will serve as a means to provide CAC-free access. The app includes biometric capabilities for both face and fingerprint recognition.
Gill said the methods of access allowed are set by the system owner, but myAuth can do it all.
"For instance, if I'm accessing DTS, the DTS application may say it needs a higher-level assurance for people to be able to access it," he said.
Gill described a CAC as authenticator assurance level three, the "gold standard" for authentication. However, lower levels of authentication could also be used if a system's administrators permit it.
Not everybody in the community who will be served by myAuth has a CAC or a smartphone, Gill said. And the things they need to access might not require the highest levels of authentication. The myAuth system will flex to meet their needs.
"In our community, we serve a lot of members that may not have access to smartphones and may not have access to technology," he added. The legacy DS Logon is not the only system being replaced by myAuth, though it is the largest. Gill said other systems in use throughout DOD will also be shuttered and replaced by myAuth.
"There are multiple authentication systems across the department that each department is paying for individually, which means each department is paying for sustainment costs or licensing costs," he said. "myAuth will collapse those one-off systems, providing an enterprise solution."
A key performance metric for myAuth is system availability, the assurance that the system will always be available to authenticate users into critical Defense Department systems. Gill said the target for system availability with myAuth is that it be available to serve users 99.99% of the time.
Although the target for decommissioning the DS Logon is 18 months, Gill said users can log in to myAuth now and set up an account using their DS Logon credentials. If users wait until after DS Logon is gone, he said the process to create a new account will require reverifying the user's identity if they do not have a CAC. Active-duty service members and DOD civilians with a CAC will likely have no problem transitioning to myAuth, he said, adding that their daily use of systems that currently offer both DS Logon and myAuth as authentication methods will be a reminder to sign up for an account.
However, for the significant portion of users who do not use DOD systems daily, such as retirees, family members and contractors, Gill said getting the word out is a top priority.
"We've started executing our communications plan. We've already sent out several million emails to our community to let them know," he said, adding that the Defense Manpower Data Center has partnered with the Defense Health Agency to let users who access related Tricare-related systems know about the switch.
Gill said the myAuth website also provides assistance.
"If you hit the myAuth page, we have a new help section," he said. "And one of the cool features from myAuth that DS Logon did not have is the help feature. So, when you go to myAuth, there's a button that [is labeled] 'help.' And when you click that, it's going to break down everything about what myAuth is, how to log in, frequently asked questions and what creating a new account looks like."
As of July 14, 2025, over 740,000 DOD-affiliated personnel have created myAuth accounts. Importantly, the success rate for self-service account creation exceeds 99%, minimizing the need for users to contact the call center.