The Department of Home Affairs is strengthening ImmiAccount security by introducing Multi-Factor Authentication (MFA) — a significant upgrade to protect your personal and organisational data.

Starting mid-June 2025, MFA will be mandatory for all users. This means you’ll need to verify your identity using both a password and a second authentication method every time you log in or update account settings.

You’ll have two options:

• Authenticator App (recommended): Use apps like Google or Microsoft Authenticator to generate secure 6-digit codes.
• Email Token: Receive a one-time code via your registered email — ideal for those without a smartphone or app access.

A testing phase begins in mid-May 2025, and eligible users are encouraged to participate by emailing their ImmiAccount username to the Department by 11 May 2025.

This change brings ImmiAccount in line with Australian Government cybersecurity standards and ensures stronger protection against unauthorised access.

🔒 Reminder: Sharing ImmiAccount credentials is strictly prohibited. Organisations must assign appropriate administrators to manage staff access securely.

➡️ Want to know more?
Check out our full blog for detailed timelines, setup instructions, FAQs, and support resources.