QRG: Registering for multi-factor authentication

Learn how to register for multi-factor authentication to make your AUSTRAC Online account secure.

On this page

How multi-factor authentication (MFA) works

Each time you log in to your AUSTRAC Online account, you need to enter your username and password. Then you’ll need to either, enter the code:

  1. From your authenticator app.
  2. You get in your email.

Both options are called multi-factor authentication (MFA).

What you need to authenticate

To register for MFA via an app you need:

  • a mobile device with internet connection
  • an authenticator app from the App Store or Google Play.

You might use your business’s preferred app or a reputable authenticator app such as Google Authenticator or Microsoft Authenticator.

To register for MFA via email you need the email address you used to register for your AUSTRAC Online user account. This cannot be a shared email address.

Log in to your AUSTRAC Online account

To log in: 

  1. Go to AUSTRAC Online.
  2. Enter your username and password.
  3. Select Log in
AUSTRAC Online log in page, with Log in button

Resetting your password

If you’re having trouble resetting your password, make sure you entered your username correctly. Your username may be different to your email address.

You can email AO_MFA@austrac.gov.au if you’re:

  • still not getting the password reset email
  • asked to reset your password multiple times.

In your email, you should include: 

  • your username (userid)
  • your email address
  • your phone number
  • a brief description of the issue, including screenshots if applicable.

Set up multi-factor authentication

Once you enter your log in details, you’ll be prompted to select your MFA method. 

You can either choose an authenticator app or email. Select your choice and then Next. 

Multi-factor authentication method page, with authenticator app option selected, and a Next button

Using the authenticator app

To use an authenticator app:

  1. Scan the QR code using your mobile to register your device. Don’t scan the example QR code below.
  2. Once your authenticator app is set up, select Next.
A QR code and Next button
  1. Enter the verification code sent to your authenticator app.
  2. Select Submit.
Verification code page and Submit button

You’ll get 10 recovery codes. Copy or print these codes.

You can use recovery codes if you lose or change your device with the authenticator app installed on it. You can enter these recovery codes instead of the code generated in the authenticator app. However, you can only use each recovery code once.

Page titled device sign in is enabled, with a list of recovery codes and a Done button
  1. Select Done. 

You’ve now completed your MFA registration. You’ll need to login again.

Using email 

To use email:

  1. Select the email to get your one-time password (OTP). 

  

Multi-factor authentication method page, with email option selected, and a Next button
  1. Enter the code you get in your email.
  2. Select Submit.
One time password page with Submit button

You’ve now completed your MFA registration. You’ll need to login again.

How each MFA method works

Learn how each MFA method works.

Authenticator app

Each time you log in to your AUSTRAC Online account you need to enter the code from your authenticator app. 

  1. Log in to AUSTRAC Online.
  2. Enter the code.
  3. Select Submit. This will take you to the AUSTRAC Online home page.
Verification code page and Submit button

If you’ve lost or changed your mobile device, select Use recovery code 

 

Recovery code page with an input field and Next button

Email 

Each time you log in to your AUSTRAC Online account, you’ll get an email with a one-time password (OTP). 

Email with an one time password
  1. Log in to AUSTRAC Online.
  2. Enter the code.
  3. Select Submit. This will take you to the AUSTRAC Online home page.

Reset MFA

You can reset your MFA if you:

  • missed scanning the QR code as you set up MFA
  • no longer have access to the device that has your authenticator app on it
  • want to change the method you use for MFA.

If you’re having trouble logging in to AUSTRAC Online using MFA:

  1. Use this reset MFA link or the link on the one-time password (OTP) screen.
  2. Enter your username and password.
  3. Select Submit
Reset MFA page with Submit button
  1. You’ll get an email with a link to reset MFA. Select Proceed.
  2. This will take you to AUSTRAC Online. Log in to re-register for MFA. 
Email with Proceed button

If don’t get an email 

If you don’t get an email, you can check:

  • your email address is correct
  • your email spam folder
  • with your IT department, including their spam folder
  • your browser. Try a different browser, for example switch from Edge to Chrome.

Help and support

If you’re having technical issues with MFA, email us at AO_MFA@austrac.gov.au.

If you need help to change the email address associated with your account, or to access AUSTRAC Online, email our contact centre at contact@austrac.gov.au.

If you have any other questions about these new features, email us at HaveYourSay@austrac.gov.au.

This guidance sets out how we interpret the Act, along with associated Rules and regulations. Australian courts are ultimately responsible for interpreting these laws and determining if any provisions of these laws are contravened. 

The examples and scenarios in this guidance are meant to help explain our interpretation of these laws. They’re not exhaustive or meant to cover every possible scenario.

This guidance provides general information and isn't a substitute for legal advice. This guidance avoids legal language wherever possible and it might include generalisations about the application of the law. Some provisions of the law referred to have exceptions or important qualifications. In most cases your particular circumstances must be taken into account when determining how the law applies to you.

Last updated: 14 Nov 2025
Page ID: 1418

Was this page helpful?

Please note that feedback you provide here will be used only for the purpose of improving our website. If you have a specific question about your AML/CTF obligations, please contact us.