Home Privacy and security Security How we protect your myGov account

How we protect your myGov account

We use Australian Government best practice security standards to keep your personal information secure.

Multifactor authentication (MFA)

myGov supports secure sign in with MFA, such as:

If you have fingerprint or face recognition set up on your device, you can use it to sign in to the myGov app.

Security review

The security review recommends actions to improve the security of your account. You can complete the security review when signed in to myGov. It helps you secure your myGov account against cyber threats and unauthorised access.

Account lockouts and protection

If someone enters the wrong password or code too many times in a row, we’ll temporarily lock the account. We’ll also turn off your email address and mobile number as usernames to protect your account.

If you continue to enter it incorrectly, your account may be permanently locked.

Your myGov account will automatically sign you out after 15 minutes of inactivity.

Account closure

If we get information to suggest your myGov sign in details have been compromised, we’ll close your account. myGov collects information from other government agencies, including the Australian Cyber Security Centre.

We may close accounts when:

  • your myGov account has been permanently locked
  • you haven’t signed in for 6 months since creating the account and have no linked services
  • you haven’t signed in for 24 months.

Security notifications

We send you security notifications to your registered email address or mobile number. We’ll do this when you sign in from a new device or change some account settings. These security notifications show you the activity in your account, and tell you what to do if it wasn’t you.

Encryption and secure systems

Your details on myGov are encrypted. This means your information is turned into a secure code so authorised systems can read it. We only share them with your linked services with your consent. They are protected by strict security protocols.

Access controls

Only you will be able to view or manage your myGov information. We use secure systems to verify your identity before giving access to your data.

Only trained and authorised staff can access your details. Services Australia monitors all staff access.

Responsible data practices

myGov doesn’t collect more personal information than it needs. We follow strict privacy requirements when we collect your data.

We don’t use your personal information for marketing. Some information is shared through myGov to help services work securely. myGov shares identity details needed to link a service, confirmation you’ve signed in securely and whether a service is linked to your account.

Other information is managed by the individual service, not myGov. This includes payment details, health, tax or payment records and your ongoing activity within that service.

myGov privacy notice

Your privacy is protected by law and we have strong safeguards to keep your personal data safe. You can find out more in the myGov privacy notice.
Page last updated: 29 April 2026