Service NSW to enforce multifactor authentication by 2026 – Security

Service NSW will make multifactor authentication mandatory for accessing MyServiceNSW accounts by next year.

The government services agency will begin enforcing identity verification for new MyServiceNSW account holders this month, rolling it out to all users by 2026.

An agency spokesperson told iTnews that it is gradually rolling out enforcement to “ensure Service NSW can enhance its systems if required and have appropriate education and support services in place to assist customers before a full rollout”.

Earlier this month, Service NSW expanded its existing verification capabilities to encompass codes generated by third-party authentication apps. 

Service NSW first began piloting two-factor authentication via SMS codes at the end of 2022 in the wake of the Optus data breach.

The agency later expanded this to push notifications within the MyServiceNSW application.

“Service NSW takes data protection and cyber security very seriously and is working to roll out mandatory multi-factor authentication, adding an additional layer of security for customers’ information and helping prevent unauthorised account access,” Minister for Customer Service and Digital Government Jihad Dib said.

The authentication capability sits alongside other Service NSW cyber security features, including a background check on whether credentials have been exposed via a third-party data breach or leak when a user logs into their MyServiceNSW.