How you can protect your myGov account

In addition to strong passwords, there are things you can do to protect your myGov account.

Suspicious activity on your myGov account

If you think someone has accessed or tried to access your myGov account, check your myGov account history for suspicious activity.

If you’re concerned after checking your account history, you should:

  1. Change your password and improve its strength by using a passphrase. You can choose to turn off your password as a sign in option if you use Digital Identity or a passkey to sign in.
  2. Change your username settings to sign in with your myGov username, not your email address or mobile number.
  3. Go to your account settings to check your registered passkeys, or connected devices. Disconnect any devices or passkeys you don’t recognise.
  4. Check your linked services for changes or incorrect information, such as bank details. Contact that service if you see suspicious activity.

If you still have concerns about your myGov account, contact us.

Your myGov account details

Here are some things you can do to protect your myGov account.

Sign in details

  • Don't share your myGov sign in details with anyone, even family members.
  • Change your username settings to sign in using your myGov username, not your email address or mobile number. 
  • Consider using your Digital Identity or your passkey as a sign in option.
  • Use an email address that only you have access to.

Password

  • Change your password to a strong, unique passphrase.
  • Turn your password off if you use Digital Identity or a passkey to sign in.
  • Use a password that’s easy for you to remember but hard for others to guess.
  • Use a password that’s different to your other online accounts.
  • Change your password if you think someone has guessed it.
  • Don't let other people see your screen if you use the 'show password' option.
  • Don't share your password or myGov PIN with anyone.

2 factor authentication option

  • If possible, set your 2 factor authentication option to get a code sent by SMS or use the myGov Code Generator app.
  • Never tell anyone the answers to your secret questions.
  • Choose secret answers other people won’t be able to find out – for example, think about whether people could guess your answers through what you share on social media.
  • Change your secret questions and answers regularly.

Passkeys

  • Don’t use personal or sensitive information to name your passkey.
  • Don’t share your passkey with anyone else.
  • Remove any suspicious passkeys from your account.

Sign out

Always sign out of your myGov account and linked services. You should also close all browser tabs and your browser window when you’ve finished.

Computers in public locations

If you use a computer in a public location, such as a library, you should:

  • not use an unsecure public Wi-Fi connection
  • not let other people see your password, myGov PIN or answers to your secret questions
  • always sign out of your myGov and linked service accounts when you finish and close all browser tabs and your browser window
  • clear the browser cache, cookies and history after you have signed out of myGov
  • not store documents you download from myGov on a public device.

Find out more about using web browsers safely on the eSafety Commissioner website. Or, you can check for help in your browser to find out how to clear your cache, cookies and history.

Your computer

To protect your myGov account when you use your own desktop computer:

  • install security software and keep it up to date
  • run regular scans for viruses and malware
  • keep your operating system and applications up to date
  • only download files from trusted websites
  • keep your internet browser up to date
  • avoid using unsecure public Wi-Fi networks
  • always sign out of your myGov account when you finish and close all browser tabs.

Your mobile device

To protect your myGov account when you use your mobile device:

  • use a password, PIN or biometric to secure your mobile device
  • install security software and keep it up to date
  • keep your operating system and software up to date
  • only install mobile apps from trusted stores, such as Google Play or the App Store
  • keep your internet browser up to date
  • avoid using unsecure public Wi-Fi networks
  • don’t leave your device somewhere it may be viewed by others, as they may be able to see text messages or email notifications from us even when your device is locked
  • check the connected devices in your myGov account settings and disconnect any apps you don’t use
  • if you lose a mobile device, disconnect any apps you have connected
  • check the information presented to you before scanning items with the myGov app QR code scanner.

Social media

To protect your details when engaging with Services Australia or myGov on social media, don’t share your sign in details on social media posts.

Services Australia and myGov won't send you a direct message or private chat on social media asking you to:

  • click on a link to sign in to myGov
  • open an attachment to update your details
  • scan a QR code
  • pay us a fee to get a payment or benefit
  • enter your bank details
  • tell us your personal details.

You should check that you’re engaging with our genuine social media profiles. You can find a list of our verified social media accounts on the Services Australia website.

More help to protect yourself online

Learn more about taking care of your safety online on the Australian Cyber Security Centre website.


Page last updated: 28 June 2024