Your myGovID gives you access to online services, by telling ATO that it is you trying to gain access. In addition to the security features on your device, such as fingerprint, face or password, myGovID uses your personal information as well as encryption and cryptographic technology to help stop other people impersonating you.

ATO knows that giving you access to online services is critical. To keep the system safe though, you must protect your myGovID and your personal information.

Unfortunately, you are not immune to identity crime. Lately ATO has been working with a small number of agents where they or their clients, or both, have been the victims of identity crime. In these instances, there has been a significant and disruptive impact on the agent and their clients.

To help ensure you are not the next victim, and to protect your identity from being used fraudulently, follow ATO’s top 10 tips below.

Top tips

  • Use a personal email address when setting up your myGovID
    • If you have already set up your myGovID with a business email address, you can update your email in the myGovID app anytime.
  • Protect your personal email account
    • Use strong and secure passwords for your personal email account and protect it with multifactor authentication. This is also sometimes known as 2-step or 2-factor authentication. Common email services such as Gmail will also have help guides on how to do this.
  • Keep your smart devices secure
    • Enable built-in security features in your device such as fingerprint or face, and don’t leave your devices unattended.
    • If your device is lost or stolen report it straight away by calling the myGovID support line.
  • Turn on notifications for myGovID in your app Settings to ensure you receive verification notifications when accessing online services
    • If you receive a notification when you’re not actively accessing an online service, report it immediately by calling the myGovID support line.
  • Check myGovID setups regularly
    • You can now view a summary of each time your myGovID has been set up. Make it a habit to check it regularly.
  • Protect your identity documents
    • Avoid storing images of identity documents or document/card numbers in any email folders.
    • If you have sent these over email (for example to a bank) make sure you delete them from your sent items.
    • Be mindful who you share your identity and personal information with (including through online quizzes that may seem innocent but are designed to harvest your personal information).
  • Increase the security of your myGovID by verifying additional identity documents
    • If you have an Australian passport (expired no more than 3 years) you should verify it along with your photo. Verifying your photo is a real-time, one-off face verification check that scans your face to check you’re a real person, and verifies that you are the right person.
  • Don’t share your myGovID, and don’t provide or enter your login code for anyone
    • Each employee of a practice must set up their myGovID on a unique device.
    • Don’t allow others to share or use your device or login code. Sharing might seem convenient but remember that it also provides others with access to your personal data across online services.
  • Report suspected inappropriate access
    • If you suspect someone has inappropriately accessed your personal information in myGovID, report it immediately by calling the myGovID support line.
  • Stay on top of your cyber hygiene
    • Run software updates straight away, keep antivirus software up to date, and always be careful when clicking on links and providing personal identifying information.

During 2023, there will be more myGovID security enhancements coming to help protect you and your clients. We’ll keep you informed of the changes.

Support and information available

More support and information are available to help you and your practice:

  • Visit myGovID security to find more information on protecting your myGovID and staying safe online.
  • Phone the myGovID support line immediately to report any suspected inappropriate access.
  • Visit our newsroom for our articles on the Australian Cyber Security Centre’s (ACSC) Essential 8 mitigation strategies.

From VJC Accounting Team

General Advice warning: the information in this article is general in nature; it is not advice specific to your needs. If you want to act upon the information in this article then you should seek advice from a qualified professional. VJC and VJC WM accept no liability to any party for acting on this information unless they have sought advice in a formal engagement for this purpose.