Strengthening ImmiAccount security through Multi-factor Authentication (MFA)
The Department of Home Affairs is enhancing user security by introducing Multi-factor Authentication (MFA) for ImmiAccount.
ImmiAccount is the primary online gateway for accessing Australia’s visa and immigration services. MFA adds an extra layer of security to ImmiAccount, helping to protect your personal and sensitive information from unauthorised access.
From 18 June 2025, new and existing users will be required to set up MFA when creating or logging in to ImmiAccount.
Once MFA is enabled, it will be required at each login or to make account changes.
As Authenticator apps are not commonly used in China, the Department has included an option for authentication codes to be received via email.
If you haven’t logged in to your ImmiAccount in the last six months you should log in and verify your email address before 18 June.
Sharing ImmiAccount credentials is prohibited under the ImmiAccount Terms and Conditions (sections 5.1 & 5.6). As authentication codes will be sent via email, each user should have a unique email address associated with their ImmiAccount (i.e. shared email addresses are not permitted). If your agency has been using a shared email address for multiple ImmiAccounts you should take steps to create individual addresses for each of your staff and then update the address in each user’s ImmiAccount.
Click here for step by step instructions on how to set up MFA on 18 June 2025.
For more information see Multi-factor Authentication (MFA) for ImmiAccount.
Back to Visas and Citizenship
Page last updated 10 June 2025