Multi-factor authentication (MFA) support

What is MFA?

Multi-Factor Authentication (MFA) is a security feature that protects your DHA Online Services account by requiring two forms of identity verification. Instead of relying solely on a password, MFA adds a second layer, including a verification code sent to your mobile phone, email or generated by an authenticator app. This ensures that even if your password is compromised, your account remains secure.

Benefits of MFA

DHA Online Services (OLS) provides access to sensitive personal and financial information for all Online Services account holders.

To protect this information from cyber threats like phishing and unauthorised access, DHA has implemented MFA across all OLS accounts. This aligns with the Australian Cyber Security Centre’s (ACSC) Essential Eight controls.

For further information on MFA, please refer to Protect yourself: Multi-factor authentication | Cyber.gov.au

If you’re a new OLS user or need help, please visit Online Services Help for detailed guidance.

Setting up MFA

All DHA OLS users must set up MFA to access their accounts. After creating your account and password, you’ll be prompted to choose one of three MFA options:

1. Authenticator App

  • Download a Time-based one-time password (TOTP) app (e.g., Microsoft or Google Authenticator).
  • Scan the QR code or enter the setup key manually.
  • Enter the generated code and select Verify.
  • Sign in using your email, password and app code.

2. Email

  • Enter your chosen email address (saved as your Security Email).
  • Receive and enter the verification code (expires in 5 minutes).
  • Sign in using your email, password and emailed code.

3. Mobile Phone (SMS) (Australian numbers only)

  • Enter your mobile number (+61 format).
  • Receive and enter the SMS code (expires in 5 minutes).
  • Sign in using your email, password and SMS code.

Note: You’ll be asked to verify identity using an MFA method each time you log in.

Adding MFA (Additional Methods After Setup)

Once MFA is active, you can add another MFA method for flexibility. For example, if you set up an Authenticator App first, you can later add Email or mobile phone.
To add MFA methods:

  1. Log in to Online Services using your current MFA method.
  2. Go to My Account > Profile > Multi-Factor Authentication.
  3. Select Add Authenticator App, Add Security Email or Add Security Mobile Phone.
  4. Follow prompts to validate the new method.

Important

  • You can have up to one app, one email and one phone number registered.
  • At least one validated MFA method must remain active at all times.
  • If you need to reset your MFA app and an old OLS credential still exists in the app, it is recommended that you delete the old OLS verification.

Removing MFA Methods

  • Go to Profile > Multi-Factor Authentication.
  • Select the delete icon next to the method and confirm.
  • You cannot remove all MFA methods—one must remain for security.
 

Initial password and MFA set up


FAQs and Troubleshooting

Yes. You can set up a maximum of 1 email address, 1 mobile phone and 1 authenticator app for MFA. You can then choose your preferred option each time you log in. 

Yes. You can update your MFA phone or email via OLS. 

Try logging in again and if the issue persists, contact DHA on 139DHA (139 342).

Contact DHA on 139DHA (139 342).

Yes. MFA works across multiple devices.

You can update your details via OLS. If you cannot access OLS, please contact DHA on 139DHA (139 342) to reset your MFA.

The email address or phone number entered may be incorrect. Restart the login or setup process and enter the correct information.

Contact DHA on 139DHA (139 342).  Your MFA will be reset, and you’ll receive an email with a link to set up MFA again. Once updated, you can log in using your username, password and the new MFA method.

Contact DHA on 139DHA (139 342) for assistance.

Watch a video on how to set up MFA

How to set up the MFA app

How to setup your email for MFA

How to setup MFA on your phone