How we protect your myGov account
Your personal details are secure when you use your myGov account. We use Australian Government best practice security standards to keep your details secure and prevent unauthorised access to your account.
How we protect you
Security is central in everything we do. We have many strong security processes and protections in place across our digital platforms. The table below outlines just some of the measures we take to protect your details.
| Security measure | How it works |
|---|---|
Security review |
The security review will prompt you to review and update your account security settings as needed. This will support you to protect your myGov account against cyber threats and unauthorsied access. |
2 factor authentication for myGov sign in details sign in option |
To sign in to myGov using myGov sign in details, you enter your username and password, and either:
|
Digital ID sign in option |
You have the option to sign in to myGov using your secure Digital ID. Digital ID offers a strong level of security to protect your account. |
| Passkeys sign in option | You have the option to sign in to myGov using a passkey. Passkeys offer a strong level of security to protect your account. |
Fingerprint or facial recognition myGov app sign in option |
If you have fingerprint or face recognition set up on your device, you can choose to use it to sign in to the myGov app. |
Lockouts |
If your password, 2 factor authentication code or answer to your secret question is entered incorrectly too many times in a row, we temporarily lock your myGov account. If you continue to enter it incorrectly, your account may be permanently locked. |
Compromised account closure |
If we get information to suggest your myGov sign in details have been compromised, we’ll send a security notification email if your account has been closed to prevent unauthorised access. myGov collects information from a range of government agencies including the Australian Cyber Security Centre. |
Prompt to change password |
If we notice suspicious sign in attempts on your account, we’ll send a security notification email and prompt you to change your password the next time you sign in. |
Encryption |
Your details are securely encrypted and stored in Australia. We only share them with your linked services with your consent. They are protected by strict security protocols. |
Time outs |
If you don’t sign out of your myGov account, it will automatically sign out after 15 minutes. |
Security notifications |
If we notice sign in activity from a new device or changes to your sign in settings, we’ll send you a security notification email to make sure it was you who accessed your account. Note security notifications are different to myGov notifications. You can choose to be notified by SMS, email or push notifications for myGov notifications when you have a new message in your myGov Inbox or a new myGov task. |
Closure of inactive accounts |
We may close accounts that have not been used after a certain amount of time. We may do so when:
|
Monitoring staff access |
Only trained and authorised staff can access your details. All staff access is monitored. |
Access to your details
Only authorised staff from Services Australia can access your myGov details. They’re trained in privacy and security and are bound by the Code of Conduct under the Public Service Act 1999. You can find the Public Service Act 1999 on the Federal Register of Legislation website.
We monitor all staff access to your myGov account. If any staff commit a criminal offence, they can be prosecuted and penalised.