• Portal security

    The portals are secure websites protected by AUSkey.

    You should review this ‘Portal security’ information regularly. We update it as we become aware of issues and relevant information which will help you maintain the highest levels of security.

    Security credentials

    Security credentials are electronic files and/or software which are used for identification purposes when transacting over the internet.

    Security credentials are used to establish a secure environment for online transactions. This provides you with assurance that your online transactions with us are safe by letting us know we are interacting with the right person for each transaction.

    Modern security credentials make fraud very difficult. For someone to gain access to our online services as you, they must be using a computer on which the credential is installed and they must know your password.

    Every person associated with your business, practice, or entity who wants to deal with us online on behalf of your ABN will need their own security credential.
     

    Looking after your security credential

    The security of the information you want to guard through the use of a credential is only as good as the care you take to keep this credential protected.

    Never disclose your password to anyone, including ATO staff or the provider of your credential.

    When choosing a password, make sure that it is sufficiently complex. Your password must:

    • be at least 8 characters long
    • contain numeric as well as alphabetic characters
    • have a mix of upper and lower case alphabetic characters
    • have at least one special character (for example, !,@,#).

    Security credential expiry

    AUSkey holders

    As long as you use your AUSkey at least once each year, it will not expire. If your certificate does expire you will need to register for a new one.

    Your role in securing your information

    Technology and computers cannot safeguard information automatically. You need to protect your own information related to using this service.

    We strongly recommend that you:
    • never disclose your AUSkey password to anyone, including the ATO or the credential's issuer
    • do not download your credential to general use computers. Access the portal only from computers to which you have exclusive use, or that you share under the following conditions:
      • computer is configured for multiple users
      • each person has a unique account, or
      • other users are individuals you can trust
    • keep your computer software up-to-date, especially with security upgrades and patches. These are usually available from the licenser of the software
    • ensure that your anti-virus software is current and running on your computer at all times. Scan new programs/files for viruses before opening, running, installing or using them
    • ensure that you have anti-intrusion software – commonly referred to as a firewall, to provide added security for your information and protection from misuse of your identity
    • avoid opening, running, installing or using programs/files you have obtained from a person or organisation unless you are positive that you can trust them
    • select ‘Logout’ when you are finished using this portal. You should also logout if you leave your computer unattended to avoid others accessing your account
    • conduct secure disposal practices such as cleansing of hard disk on disposal of your computer.

    What to do if someone obtains your password or your computer is stolen

    This situation should be treated with the same degree of urgency that you would give to the loss of a credit card.

    AUSkey holders 

    If you still have access to your AUSkey you should login to abr.gov.au/AUSkey and cancel your credential. You will then need to register for a new AUSkey.

    If you no longer have access to your AUSkey:

    • any Administrator AUSkey holder within your business can cancel your AUSkey online at abr.gov.au/AUSkey 
    • if you are an Administrator AUSkey holder, and there are no other Administrator AUSkey holders within your business, call 1300 AUSkey (1300 287 539) to have your certificate cancelled. You must satisfy identity checks before we will cancel your AUSkey on your behalf.
    Back to top

Relying on our information - our commitment to you

We are committed to providing you with advice and guidance you can rely on, so we make every effort to ensure that what we give you is correct.

If you follow our advice or guidance and it turns out to be incorrect, or it is misleading and you make a mistake as a result, we will take that into account when determining what action, if any, we should take.

Some of the advice and guidance on this website applies to a specific financial year. This is clearly marked. Make sure you have the information for the right year before making decisions based on that information.

If you feel that our advice and guidance does not fully cover your circumstances, or you are unsure how it applies to you, contact us or seek professional advice.

Copyright

© Australian Taxation Office for the Commonwealth of Australia

You are free to copy, adapt, modify, transmit and distribute this material as you wish (but not in any way that suggests the ATO or the Commonwealth endorses you or any of your services or products).