ato logo

Online security

What you can do to stay safe online and how we protect your information to avoid a data breach.

21 November 2023

Online access strength

There are many ways you can interact with us online and a Digital ID, such as myGovIDExternal Link, is the most secure way to access our online services and help protect yourself against identity crime.

Identity crime can be committed with basic details such as your name, date of birth, address, myGov details or tax file number (TFN).

When you access ATO online services through myGov, the sign in method you’ve used with the highest identity strength becomes your online access strength. You’ll use this for all future access. 

For example, if you have a myGovID with a Strong identity strengthExternal Link and use it as your sign in method, your minimum online access strength will be Strong. Whenever you sign in to myGov to access ATO online services, you’ll need to use your Strong myGovID.

Set your online access strength

Follow these steps to set your online access strength.

  1. Set up your myGovIDExternal Link to a Standard or Strong identity strength - if you already have a myGovID, go to step 2.
  2. Connect your myGovID to your myGov accountExternal Link - you can do this before you sign in to myGov or once you’ve signed in.  
  3. Sign in to myGovExternal Link with your myGovID - select Continue with Digital Identity to use myGovID as your sign in method.
  4. Go to ATO online services - your online access strength is now set. You can view your online access strength (Standard or Strong) under your Personal details in ATO online services or My details if you're using the ATO app.

You can increase your online access strength at any time. For example, if you increase your myGovID identity strength from Standard to StrongExternal Link and use it to access ATO online services, your minimum online access strength will be set to Strong.

Strong is currently the highest level of online access strength you can achieve.

Your online access strength only applies to ATO online services. It doesn't apply to your myGov account or other linked services.

Stay safe online.

Your personal information is an important part of your identity. The following can help make sure your online transactions with us are safe:

  • Always access our online services directly via ato.gov.au, my.gov.au or the ATO app, not by following a link.
  • Increase your online access strength - you can do this at any time by using a sign in method with a higher identity strength. For example, using myGovID.
  • Make sure your myGoviD is secure. Your myGovID is unique to you and shouldn’t be shared. Sharing it gives others access to your personal data across services, such as tax and health.
  • Check your myGov Inbox regularly – if you know everything is in order, it will be harder for a scammer to convince you otherwise.
  • Keep your TFN, passwords and other sensitive information (such as your myGov or bank account details) secure – don't share them with others, including in emails, to prospective employers or on social media.
  • Be careful when downloading attachments or clicking links, even if the message seems to come from someone you know.
  • Keep your superannuation account details secure – don't share your account details with unknown sources online.
  • Avoid conducting high-risk transactions, such as banking or logging on to online services, over unsecure public Wi-Fi.
  • Regularly back up your data onto an external hard drive or cloud backup. Secure your backup devices by making sure they are not continuously connected to your main network.
  • Keep your software up-to-date and disable remote access software until it's needed. Protect yourself and your business by installing the latest security updates, running regular anti-virus scans, and using a spam filter on your email accounts.
  • Make data security an everyday priority – practice good 'cyber hygiene' and constantly review your security habits.

You can find more information on staying safe online at:

How we protect you

We take the security and privacy of your personal information very seriously. We have steps in place to make sure your data and online transactions with us are secure and safe.

We keep your personal information safe by:

  • confirming your details when you contact us
  • having a range of systems and controls in place to make sure your data and transactions with us are secure
  • logging access to your personal information (to help us identify any unusual behaviour).

To help you stay safe online, we will not:

  • ask you for your TFN or bank details via return email, SMS, or on social media
  • give your personal information to anyone without your consent, unless the law permits us to
  • communicate with you on behalf of another government agency or ask another government agency to represent us.

For information on scams and how to report them, see:

Data breach guidance

A data breach is when confidential information is accessed, disclosed without authorisation, or lost.

To protect yourself, your business, and your employees and clients against identity crime and fraud, you should take appropriate security precautions.

If you or your business experiences a data breach, there are steps you can take to minimise the impact. Go to:

Security for digital service providers

We offer a range of digital services that support the community to interact with us to do business. We place specific security measures around where and how we store, access and transfer data.

The growth of our digital wholesale services increases productivity and connects the community across the digital economy. This presents a range of service opportunities for us and the community. However, there are also business risks and security implications to be managed.

The Digital Service Provider (DSP) Operational FrameworkExternal Link addresses these risks. It establishes how we'll provide access to and monitor the digital transfer of data through software.

Authorised by the Australian Government, Canberra.  

 

Tips for individuals to keep your personal information safe from identity thieves and hackers.

Tips for businesses to keep business and client data safe from hackers and identity thieves.

Find out about our security vulnerability disclosures policy and how to report potential vulnerabilities in ATO systems.

40958