mySAGOV account security

Protect your passwords

Don't use the same password for different online accounts

If the same password is used for multiple accounts and your password is compromised during a breach of one of your accounts, you are at greater risk of being hacked. We strongly recommend you use a unique password for every account.

As a security measure, we use a password verification service to check if your password has been compromised. If mySAGOV detects your password may have been compromised, you will be asked to choose another password when creating a new account or the next time you log in.

Create a strong and unique password that you'll remember

A strong password is an important part of keeping your information safe online.

When creating a new password, make sure to include at least:

• 8 characters
• uppercase and lowercase letters
• numbers
• symbols like $, @, %.

Avoid using:

• personal information that others may know or that would be easy for others to find out - eg your name, birthday, name of your pet
• common words like 'password' or phrases like 'mypassword'.

Store your password safely

• Don't write passwords down. Consider using a password manager.
• Do not share your password or verification code with anyone. Service SA will never ask you to disclose this information.

Secure your account with two-factor authentication (2FA)

What is 2FA?

Two-factor authentication (2FA) is an added layer of security to confirm your identity when logging into an online service or account. Setting up 2FA requires you to enter additional information to gain access to your account. This means that even if someone has access to your account log in information, your account will remain secure.

How does 2FA work?

Every time you log in to your mySAGOV account, you'll need to enter your email address and password, and you'll also be prompted to enter a verification code that is sent to you.

You can choose how you'd like to receive your verification code.

Two-factor authentication can be set up when first creating a mySAGOV account or while logged in as an existing account holder.

Setting up 2FA with your preferred verification method

1. Log in to your mySAGOV account
2. Select 'My account'
3. Select 'Set up two-factor authentication' under Account details
4. Select 'Text message (SMS)' as your preferred verification method
5. Enter your mobile number. This must be a valid Australian mobile number containing 10 digits and beginning with 04 or 05.
6. Enter the 6-digit verification code sent to your mobile number.

1. Log in to your mySAGOV account
2. Select 'My account'
3. Select 'Set up two-factor authentication' under Account details
4. Select 'Authenticator app' as your preferred verification method
5. If you haven't already done so, install an authenticator app of your choice, such as Google Authenticator or Microsoft Authenticator onto your device
6. Open the authenticator app and scan the QR code
7. Enter the 6-digit verification code you see in your authenticator app.