🔐 Use an Authenticator With myGov — Secure MFA Setup & Recovery Guide

myGov supports authenticator apps as a secure multifactor authentication (MFA) option for protecting Australian government accounts linked to services such as the Australian Taxation Office (ATO), Medicare, Centrelink, and My Health Record.

Authenticator apps generate temporary one-time security codes directly on your device instead of sending codes through SMS. Security experts generally consider this safer because it reduces risks related to SIM-swapping attacks, phishing, and intercepted text messages.

💡 Quick Answer:
To use an authenticator with myGov, sign in to your account, open Account settings, go to Authenticator, scan the QR code using a compatible authenticator app, and confirm the generated verification code.

✅ What Is a myGov Authenticator?

An authenticator is an application or password manager that generates time-based one-time verification codes used during sign in. myGov supports several compatible authenticators that meet SHA256 security requirements.

Common supported authenticators include:

  • 📲 Google Authenticator
  • 🍎 Apple Passwords app
  • 🔑 1Password
  • 🛡 Compatible password managers with authenticator support

myGov notes that some authenticators are not supported because they do not meet required security standards. Microsoft Authenticator is specifically mentioned as unsupported for this feature.

⚠ Important:
You can only connect one authenticator to your myGov account at a time. Adding a new authenticator replaces the previous authenticator or myGov Code Generator setup.

🛠 How to Add an Authenticator to myGov

  1. Sign in to myGov
  2. Open Account settings
    Select:
    • My account or Menu
    • Account settings
  3. Go to Authenticator settings
    Under Sign in settings, select Authenticator then choose Manage.
  4. Verify your identity
  5. Scan the QR code
    Use your authenticator app to scan the displayed QR code.
  6. Enter the generated code
    Type the 6-digit code produced by the authenticator app.
  7. Finish setup
    Authenticator MFA will now protect future sign-ins.

Services Australia recommends using an authenticator you are already familiar with for easier recovery and management.

📱 How to Sign In Using an Authenticator

Once configured, myGov sign in works as follows:

  1. Enter your username and password
  2. Open your authenticator app
  3. Locate your myGov verification code
  4. Enter the current 6-digit code
  5. Access your linked services securely

Codes usually refresh every 30 seconds automatically.

🔒 Why Authenticator Apps Are Safer Than SMS

SMS Codes                           | Authenticator Apps
Can be intercepted via SIM swapping | Codes generated locally on device
Dependent on mobile network         | Works offline
Delivery delays possible            | Instant code generation
Higher phishing risk                | More resistant to account takeover attacks

Australian cybersecurity specialists increasingly recommend moving away from SMS-only MFA where possible.

🔐 Security Tip:
Using a passkey or authenticator app together with biometric device protection provides significantly stronger protection than passwords and SMS codes alone.

📲 Common Authenticator Problems

Users frequently report:

  • Lost or replaced phones
  • Deleted authenticator apps
  • Incorrect device time synchronization
  • Codes not matching during setup
  • Migration failures after changing devices
  • Password manager conflicts
  • Using unsupported authenticator apps

Many MFA issues are caused by incorrect device time settings. Authenticator codes depend on precise clock synchronization to function correctly.
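
The sketch below is an added example, not code from myGov or Services Australia. It shows why both the SHA256 requirement and clock synchronization decide whether a code is accepted, assuming standard RFC 6238 codes (HMAC-SHA256, 6 digits, 30-second step). The secret is the RFC 6238 test key and the one-step acceptance window is an assumed tolerance.

```python
import hashlib
import hmac
import struct

# RFC 6238 Appendix B test key for SHA-256 (sample value, not a real myGov secret).
SECRET = b"12345678901234567890123456789012"
STEP = 30  # seconds per code, matching the refresh interval described above


def totp(secret, unix_time, digest=hashlib.sha256, digits=6):
    """RFC 6238 TOTP: HOTP (RFC 4226) over the current 30-second counter."""
    counter = int(unix_time) // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), digest).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation picks 4 bytes of the MAC
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret, code, server_time, window=1):
    """Return the step offset at which the code matched, or None if rejected.

    window=1 (one step either side) is an assumed tolerance; the page does
    not state what myGov allows.
    """
    for drift in sorted(range(-window, window + 1), key=abs):
        expected = totp(secret, server_time + drift * STEP)
        if hmac.compare_digest(expected, code):
            return drift
    return None


def demo(server_time=59):
    """Codes from four hypothetical devices, checked against one server clock."""
    in_sync = totp(SECRET, server_time)
    slight = totp(SECRET, server_time + 25)    # clock 25 s fast: next step
    far_off = totp(SECRET, server_time + 120)  # clock 2 minutes fast
    sha1_app = totp(SECRET, server_time, hashlib.sha1)  # app hashing with SHA-1
    return {
        "in_sync": verify(SECRET, in_sync, server_time),
        "slight_drift": verify(SECRET, slight, server_time),
        "two_minutes_fast": verify(SECRET, far_off, server_time),
        "sha1_app": verify(SECRET, sha1_app, server_time),
    }


if __name__ == "__main__":
    for case, step in demo().items():
        print(f"{case:17} {'accepted' if step is not None else 'rejected'}")
```

A device whose clock is a few seconds off still lands inside the window, while a device two minutes off, or an app that hashes with SHA-1 against a SHA256 enrolment, produces codes that never match even though the secret was scanned correctly.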

🔄 How to Replace an Authenticator

If you change devices or want to use another authenticator:

  1. Sign in to myGov
  2. Open Account settings
  3. Go to Authenticator → Manage
  4. Remove the old authenticator
  5. Add the new authenticator
  6. Verify the new codes

myGov recommends configuring another strong sign in option before removing an authenticator. This may include:

  • Passkeys
  • Digital ID
  • SMS backup codes

Services Australia also advises deleting the old myGov entry from your authenticator after removal to avoid future confusion.

⚠ The myGov Code Generator App Is Being Retired

myGov states that the older myGov Code Generator app is no longer available for download and will eventually be retired. Users are encouraged to migrate to newer authenticator apps or stronger sign-in methods such as passkeys and Digital ID.

If you still use the old Code Generator app, myGov may prompt you through its Security Review process to upgrade your authentication method.

🧠 Expert Insight from dir.md

Expert Insight:
One of the most common causes of myGov authenticator lockouts is replacing a smartphone before migrating MFA credentials properly.

Many users factory-reset old devices or trade them in without exporting or transferring their authenticator entries first. Once the original authenticator secrets are lost, recovery becomes significantly more difficult.

Another major issue involves cloud synchronization misunderstandings. Some authenticator apps sync automatically across devices, while others store credentials locally only. Users often assume codes will transfer automatically when they do not.

Cybersecurity specialists generally recommend:

  • Maintaining at least one backup sign-in option
  • Using passkeys together with authenticator MFA
  • Avoiding SMS-only protection
  • Keeping recovery email access active
  • Updating MFA methods before changing phones
  • Using only official authenticator apps

Many Australian account compromise cases involve phishing sites attempting to steal both passwords and MFA codes simultaneously. Authenticator apps reduce this risk substantially compared with SMS-based verification.

📌 Real-World Issues Reported Online

  • Authenticator codes failing after timezone changes
  • Unsupported apps not working with myGov
  • Password managers conflicting with MFA autofill
  • Users forgetting to migrate codes before phone upgrades
  • Browser extensions interfering with QR setup
  • Login failures caused by incorrect device clocks

Many users report that enabling automatic date and time synchronization instantly resolves repeated authenticator code failures.

❓ Frequently Asked Questions

Can I use Google Authenticator with myGov?

Yes. Google Authenticator is one of the commonly supported authenticator apps for myGov.

Does myGov support Microsoft Authenticator?

No. myGov states that Microsoft Authenticator does not currently meet the required SHA256 security standard for this feature.

What happens if I lose my phone?

You may still sign in using backup methods such as passkeys, SMS codes, Digital ID, or other configured recovery options.

Why are my authenticator codes not working?

Incorrect device time synchronization, unsupported authenticator apps, or incomplete QR setup are among the most common causes of invalid MFA codes.

Is an authenticator safer than SMS?

Generally yes. Authenticator apps are considered significantly more resistant to SIM-swapping and intercepted text-message attacks.

📚 Learn More

Prepared using official Services Australia and myGov security documentation, Australian MFA guidance, cybersecurity best practices, and publicly discussed user experiences.