– Federal and state employees responsible for running government websites will soon have to use two-factor authentication to access their administrator accounts, adding a layer of security to prevent intruders from taking over .gov domains.

Officials at federal agencies such as the departments of Justice, State and Defense can begin adding two-step verification to their accounts on Monday, according to the General Services Administration, the agency that manages official .gov domains for the U.S. government.

In the coming months, state and local officials will be prompted to add the security feature.

Two-factor verification works by requiring a user to input both a password and a special code generated by a device in the possession of an authorized user. This means that even if a password is compromised, a hacker would still need to steal a government worker’s physical device. The multistep process helps to secure accounts by adding a layer of protection in addition to a password.

The tightening of .gov security controls is the latest move by the federal government to boost the security of its websites and databases, which continue to face cyber threats. According to a July Government Accountability Office report, nation state actors and unidentified hackers have recently attacked a variety of U.S. government computer systems.

And cyberattacks targeting government infrastructure are expected to become more sophisticated and creative.