This page contains answers to Common Questions about registering as an RDS Secure Website user. Review this page to learn about how to register as an RDS Secure Website user, how often to change your Password, and more. For additional information refer to the Register as an RDS Secure Website User section of the RDS User Guide.
- What is a Login ID?
- What are Security Questions?
- What are the Password requirements?
- How often do I have to change my Password?
- How do I register as an Account Manager?
- How do I register as an Authorized Representative?
- How do I register as an Actuary?
- How do I register as a Designee?
- What is the User Agreement?
- What is Multi-Factor Authentication (MFA)?
What is a Login ID?
ANSWER: Each user creates a Login ID during Registration, which allows access to the RDS Secure Website.
Create a Login ID based on the following requirements:
- Must be 8 to 15 characters
- Can only contain Uppercase letters, Lowercase letters or numbers
Answer ID: 300-1
Date Posted: 10/17/2014
What are Security Questions?
ANSWER: During Registration, each user selects two Security Questions and enters Answers to those Security Questions. Security Questions are used to protect personal information and reset Passwords.
Note: Security Questions can only be changed once in a 24-hour period. For more information, refer to Change or Reset Security Questions in the RDS User Guide.
Answer ID: 300-2
Date Updated: 4/15/2022
What are the Password requirements?
ANSWER: Each user creates a Password during Registration, which allows access to the RDS Secure Website.
Create a Password based on the following requirements:
- Must be 8 to 14 characters in length
- Must begin with a letter
- Must include each of the following:
- 1 - Lowercase letter
- 1 - Uppercase letter
- 1 - Number
- 1 - Special character
- Must not contain the Login ID
- Must not contain a reserved word. For more information, refer to Reserved Words List
- Must not be a dictionary word or name
- Password cannot match 4 consecutive characters in the most recent Password
- Password cannot match any of the previous 6 Passwords
Note: Passwords can be changed five (5) times in a 24-hour period. If a user changes their password the maximum five (5) times and then locks their account again on the same day, the user cannot change their password to unlock their account until 24 hours have passed. CMS' RDS Center cannot unlock user accounts. For more information, refer to Change Password in the RDS User Guide.
Answer ID: 300-3
Date Updated: 1/25/2024
How often do I have to change my Password?
ANSWER: Passwords must be changed every 180 days. For more information, refer to Change Password in the RDS User Guide.
Answer ID: 300-4
Date Updated: 4/15/2022
How do I register as an Account Manager?
ANSWER: Refer to Account Manager Registration for required registration information and step-by-step instructions.
Answer ID: 300-5
Date Posted: 10/17/2014
How do I register as an Authorized Representative?
ANSWER: Refer to Authorized Representative Registration for required registration information and step-by-step instructions.
Answer ID: 300-6
Date Posted: 10/17/2014
How do I register as an Actuary?
ANSWER: Refer to Actuary Registration for required registration information and step-by-step instructions.
Answer ID: 300-7
Date Posted: 10/17/2014
How do I register as a Designee?
ANSWER: Refer to Designee Registration for required registration information and step-by-step instructions.
Answer ID: 300-8
Date Posted: 10/17/2014
What is the User Agreement?
ANSWER: The User Agreement is an agreement put forth by the Centers for Medicare & Medicaid Services (CMS) Retiree Drug Subsidy (RDS) Center that outlines the terms and conditions of accessing the RDS Secure Website. The User Agreement covers purpose, privacy policy, systems of records, links, pop-up advertisements, outdated information, accessibility, and the Freedom of Information Act (FOIA), along with all subsets of these topics. For reference, the text of the User Agreement is available on the Agreements page.
Answer ID: 300-9
Date Posted: 10/17/2014
What is the Multi-Factor Authentication (MFA)?
ANSWER: Multi-Factor Authentication (MFA), also known as two-step or two-factor authentication, is a security enhancement that allows you to provide two pieces of evidence, or "factors", to confirm your identity when logging in to your RDS Secure Website account. These credentials fall into two categories: something you know (i.e., your Login ID and Password) and something you have (i.e., your personal device).
Updated Federal security policies require that each RDS Secure Website account must activate Multi-Factor Authentication (MFA) prior to accessing the RDS Secure Website. Users must enter their Login ID, Password, and MFA token to access the Secure Website. MFA can be configured on only one device at a time. CMS' RDS Center has implemented Google Authenticator as the independent token generation software for the RDS Secure Website. Google Authenticator is a free application that is available for download to an iOS or Android device.
Individuals are responsible for maintaining and protecting their RDS Secure Website account access. It is a violation of Federal law to share or transfer user accounts or Login and Password information.
Refer to Multi-Factor Authentication for additional information.
Answer ID: 300-10
Date Posted: 8/16/2019