Skip to main content

Multi-factor authentication (MFA) support

What is MFA?

Multi-Factor Authentication (MFA) is a security feature that protects your DHA Online Services account by requiring two forms of identity verification. Instead of relying solely on a password, MFA adds a second layer, including a verification code sent to your mobile phone, email or generated by an authenticator app. This ensures that even if your password is compromised, your account remains secure.

Benefits of MFA

DHA Online Services (OLS) provides access to sensitive personal and financial information for all Online Services account holders.

To protect this information from cyber threats like phishing and unauthorised access, DHA has implemented MFA across all OLS accounts. This aligns with the Australian Cyber Security Centre’s (ACSC) Essential Eight controls.

For further information on MFA, please refer to Protect yourself: Multi-factor authentication | Cyber.gov.au(Opens in a new tab/window)

If you’re a new OLS user or need help, please visit Online Services Help for detailed guidance.

Setting up MFA

All DHA OLS users must set up MFA to access their accounts. After creating your account and password, you’ll be prompted to choose one of three MFA options:

1. Authenticator app

  • Download a Time-based one-time password (TOTP) app (e.g., Microsoft or Google Authenticator).
  • Scan the QR code or enter the setup key manually.
  • Enter the generated code and select Verify.
  • Sign in using your email, password and app code.

2. Email

  • Enter your chosen email address (saved as your Security Email).
  • Receive and enter the verification code (expires in 5 minutes).
  • Sign in using your email, password and emailed code.

3. Mobile phone (SMS) (Australian numbers only)

  • Enter your mobile number (+61 format).
  • Receive and enter the SMS code (expires in 5 minutes).
  • Sign in using your email, password and SMS code.

Note: You’ll be asked to verify identity using an MFA method each time you log in.

Adding MFA (additional methods after setup)

Once MFA is active, you can add another MFA method for flexibility. For example, if you set up an Authenticator App first, you can later add Email or mobile phone.
To add MFA methods:

  1. Log in to Online Services using your current MFA method.
  2. Go to My Account > Profile > Multi-Factor Authentication.
  3. Select Add Authenticator App, Add Security Email or Add Security Mobile Phone.
  4. Follow prompts to validate the new method.

Important

  • You can have up to one app, one email and one phone number registered.
  • At least one validated MFA method must remain active at all times.
  • If you need to reset your MFA app and an old OLS credential still exists in the app, it is recommended that you delete the old OLS verification.

Removing MFA methods

  • Go to Profile > Multi-Factor Authentication.
  • Select the delete icon next to the method and confirm.
  • You cannot remove all MFA methods—one must remain for security.

Videos on how to setup MFA

Watch the video below on how to set up your initial password and MFA.

Targeted MFA set up videos

How to set up the MFA app

How to set up your email for MFA

How to set up MFA on your phone

FAQs and troubleshooting

Last updated
Return focus to the top of the page