Does AUSTRAC require MFA on the AUSTRAC Online/reporting account?
Yes, MFA is mandatory for all AUSTRAC Online accounts; users choose between an authenticator app (with 10 recovery codes) or email-based OTP at first login.
Yes. Multi-factor authentication (MFA) is mandatory for all AUSTRAC Online accounts. Every user must set up MFA and a stronger password on first login. There is no opt-out.
MFA method options
Users choose one of two methods:
- Authenticator app — OTP generated by an app such as Google Authenticator or Microsoft Authenticator. AUSTRAC issues 10 recovery codes at setup (single-use, for lost or changed devices).
- Email — OTP sent to the email registered against the user's AUSTRAC Online account. Expires after 5 minutes. The email cannot be a shared address.
One user, one account
Reporting entities cannot share a single login. Each person who needs AUSTRAC Online access must have their own user account, their own non-shared email, and their own MFA configured.