Set up multi-factor authentication for Online Services

Learn how to set up multi-factor authentication (MFA) for your IP Australia's Online Services account to keep your intellectual property and personal data secure.

On this page

What is multi-factor authentication?

Multi-factor authentication (MFA) is a security measure that requires 2 or more proofs of identity when you log in – your password, plus a second form of verification such as a one-time code or security key.

This extra layer of protection prevents unauthorised access to your intellectual property and personal data.

MFA is now required to log in

If you have an Online Services account and haven't logged in since September 2025, you'll be prompted to set up MFA before you can access your account. This is a one-time setup.

Who needs to set up MFA

If you access Online Services through an individual account, you must register for MFA. B2B customers using application programming interfaces (APIs) are not affected and can continue to access services as usual.

If your business shares one user account across multiple users, you will need to switch to a corporate account so each user can authenticate individually. Call our Contact Centre on 1300 651 010 to set one up.

What you need before you start

Choose one of the following authentication methods before beginning registration:

  • an authentication app on your mobile device (such as Microsoft, Google or Apple)
  • MyID installed on your mobile device
  • a FIDO2 Key (a physical security key).

If using an authentication app or MyID, install it on your mobile device before you begin.

How to set up MFA

You will be prompted to register for MFA the first time you log in. New and existing users must complete registration to access Online Services.

Register with an authentication app or MyID

To register using an authentication app, follow the steps below. If you are using MyID, follow the same steps and select the MyID option when prompted in step 2, instead of 'Google Authenticator or similar'.

  1. Go to Online Services and enter your username and password.
  2. Select 'Google Authenticator or similar' (or MyID if that is your chosen method).
  3. Open your chosen authenticator app and select 'Add account' or the + sign.
  4. Scan the QR code displayed.
  5. Enter the one-time code generated by the app and click continue.
  6. Save the single-use recovery code offline. This is your backup access method if your app or device is lost. If you lose your recovery code, call our Contact Centre on 1300 651 010.

Register with a security key

To register using a physical security key, follow these steps:

  1. Go to Online Services and enter your username and password.
  2. Select 'Security Key' if using a physical token.
  3. Follow the instructions to register your security key.
  4. Choose where to save the passkey.
  5. Follow the prompts to complete security key setup and create a PIN.
  6. When prompted, push the button or touch the sensor on the security key to complete registration. You should receive confirmation that the passkey has been saved.
  7. Name your security key to help you identify it if you use multiple keys. You should receive confirmation the security key registration was successful.
  8. Save the single-use recovery code offline. This is your backup access method if you lose access to your security key. If you lose your recovery code, call our Contact Centre on 1300 651 010.

How to log in using MFA

Once MFA is set up, follow these steps each time you log in to Online Services:

  1. Enter your username and password on the login screen.
  2. Enter the one-time code from your authenticator app or MyID, or use your security key PIN to complete the login process.

Resources and support

For MFA enquiries, including resets and registration issues, call our Contact Centre on 1300 651 010.

Multi-factor authentication (MFA) user guide

PDF | 2MB

We use cookies to improve your experience.