DataWeb - New Login Process

On April 13, 2023, the DataWeb application transitioned to using a new authentication service called Login.gov provided by the General Services Administration (GSA). This change requires users to complete two methods of authentication, commonly called two-factor authentication, when attempting to login to a DataWeb user account.

WHY?

Executive Order 14028

As required by Executive Order 14028 on Improving the Nation’s Cybersecurity (EO 14028), the USITC must adopt multi-factor authentication to login and access a user account within a web application. As part of meeting this mandate, the USITC has elected to use the multi-factor authentication service Login.gov, which has been developed and provided by GSA and is being widely adopted within the Federal government for use when logging in to web applications.

What is multifactor authentication?

Multi-factor authentication (MFA) is a layered approach to securing data and applications where a system requires a user to present two or more credentials to verify their identity for login. MFA increases security because even if one credential becomes compromised, unauthorized users will be unable to meet the second authentication requirement and will not be able to access the targeted web application.

To learn more about multi-factor authentication, visit https://www.cisa.gov/mfa.

Why Login.gov?

Login.gov uses two-factor authentication, and stronger passwords, that meet new National Institute of Standards and Technology requirements for secure validation and verification.  It is also a FedRAMP certified system that meets required security standards.  By using Login.gov, the USITC meets the requirements of EO 14028, and users get an extra layer of security to help protect their system accounts against password compromises.

What does this mean for DataWeb users?

  1. All users will be required to create and maintain a Login.gov account which will be linked with their DataWeb user account.
  2. All current DataWeb users will retain all their settings and saved searches and HTS lists they have saved.
  3. Users have the option to unlink their Login.gov account from their DataWeb account at any time.
  4. The use of reCaptcha within the DataWeb application is no longer needed and will be removed.   
     

What do all users need to do?

You will need to create a Login.gov account if you don’t already have one. 

You’ll need to:

  1. Create a Login.gov account - you only need to do this once.
  2. Enter an email address— it is recommended that you use the same email address that is associated with your DataWeb user account.
  3. Create a new password.
  4. Select your first method of authentication—having another way to sign in keeps your account more secure than using only a password. You can choose between text messages, phone calls, an authentication application, a security key, or backup codes. U.S. government employees can also use their PIV card or CAC.
  5. Select a backup method of authentication—you need to select a backup method, in case you don’t have access to your first choice (for example you don’t have access to your phone).
  6. Once you’ve finished setting up your Login.gov account, you’ll go back to the DataWeb application to finish the process. 
  7. Every time you attempt to sign into DataWeb, you will need to use your Login.gov email address, password, and one of the two-factor authentication methods you set up.
  8. The first time you login to DataWeb, you will be prompted to associate your Login.gov account with your DataWeb account. You will be sent an email to the email address associated with your DataWeb account. The email provides a link through which you will complete the account association process.
  9. Then you are done!

 

Contact and Getting help

If you require assistance in preparing for this change or logging in to DataWeb after the transition to Login.gov, please contact the USITC through the DataWeb Help form.