Service NSW to make MFA mandatory by 2026

Service NSW has revealed that it will enforce multifactor authentication (MFA) for account access by 2026.

New account sign-ups will be required to use MFA for sign-ins starting this month, with the requirement to be rolled out to all users by next year.

“Service NSW takes data protection and cyber security very seriously and is working to roll out mandatory multifactor authentication, adding an additional layer of security for customers’ information and helping prevent unauthorised account access,” said Minister for Customer Service and Digital Government Jihad Dib.

You’re out of free articles for this month

Username or Email

Password Forgot password?

Keep me signed in on this device.

First Name

Last Name

Mobile

Organisation Type

By becoming a member, I agree to receive information and promotional messages from Cyber Daily. I can opt out of these communications at any time. For more information, please visit our Privacy Statement.

Need help signing up? Visit the Help Centre.

The new requirements come as part of a major update to the Service NSW app, which promises to add new capabilities, including an update to the digital wallet, a Service NSW Centre finder, and voucher sharing.

Additionally, last month, Service NSW bolstered its verification to now manage third-party authentication apps.

Service NSW first began trialling MFA in 2022 following the major Optus cyber attack. Initially, it was rolled out using text message codes but has since adopted other methods of verification, including push notifications.

In the 2022 announcement, former senior NSW government minister Victor Dominello said that while MFA was not a perfect solution, it would improve security on Service NSW services.

VIEW ALL

“Many cyber breaches occur because of weak passwords or stolen passwords. MFA isn’t a silver bullet, but it provides additional layers of security,” he said at the time.

“It’s like going out in a snowstorm. You need to add layers to protect yourself from the cold.

“Similarly, layering up can help protect your information from cyber attacks. Adding MFA means you can opt in for those extra protective layers.”

Service NSW has implemented a number of security “layers” over the years, including running background checks on login credentials to ensure they have not been compromised in a leak or third-party data breach when a user logs in.

The feature, which was launched in 2023, would prompt users to change their password if their details were found to have been leaked on the dark web.

“Your information is protected and not disclosed to anyone during this security check,” Service NSW said.

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

You need to be a member to post comments. Become a member for free today!

newsletter

Be the first to hear the latest developments in the cyber industry.

Service NSW to make MFA mandatory by 2026

Daniel Croft

OUR PLATFORMS AND BRANDS

EVENTS AND SUMMITS

PODCASTS

LEARNING AND EDUCATION

MOMENTUM MARKETS NETWORK

LINKS

STAY CONNECTED