CRA sign-in services help - Keep your CRA sign-in services secure
The CRA has many supports in place to help you keep your CRA sign-in services secure.
On this page
- Manage your CRA security options
- Do not share your personal information
- Ensure your security after an online session
- Watch out for suspicious activity in your CRA sign-in service
- Scam prevention and the CRA
Manage your CRA security options
You can manage your security options online depending on which sign-in option you chose:
CRA user ID and password
Once you are signed in to a CRA sign-in service, you can manage any of the following CRA security options:
- Change CRA user ID
- Change CRA password
- Change CRA security questions and answers
- Revoke CRA user ID
- Update additional security feature preferences
- View recent CRA sign-in history
- View the Terms and conditions of use
Sign-In Partner
For any updates to your banking credential or security questions, contact your financial institution.
You can manage the following security options:
- Change your sign-in option by revoking your credential or switching your Sign-In Partner
- Create/edit/delete a PIN after you sign in (My Account only, through your Profile)
- Update your multi-factor authentication (MFA) options after you sign in:
- In My Account and My Business Account through your Profile
- In Represent a Client under the RepID information tab in the Review and update menu
For more information: About Sign-In Partners
Provincial partner
For any updates to your credential, contact your provincial partner.
Once you are signed in to My Account, you can manage the following security options through your Profile:
- Create/edit/delete a PIN
- Alberta only: Update your multi-factor authentication (MFA) options
For more information: About provincial partners
Do not share your personal information
You can contribute to the security of your personal information by keeping your personal information confidential.
Do not share your SIN, personal tax information, CRA security code or your CRA user ID and password with anyone. All pieces of information should be kept confidential. The person to whom the SIN belongs must be the one using the online service, since the required information can be used to change personal information on file with the CRA.
Do not send confidential information to the CRA by email. Our email does not have secure transmission capabilities.
Ensure your security after an online session
Don't forget to click Sign out once you are finished accessing our services.
If you are using a computer available in a public location (for example, a library) you should clear the browser's cache or close and reopen the browser. Information stored in the browser's cache is not encrypted, so clearing the cache helps to ensure the security of your information.
Clearing your cache will remove any cookies that are stored on your computer's browser. This means that each time you sign in using that computer, you will have to answer one of the security questions you already chose.
Learn more: Access online services safely
Watch out for suspicious activity in your CRA sign-in service
You should monitor your CRA sign-in service for any suspicious activity.
Learn more about what to look out for: Protect your CRA accounts
Scam prevention and the CRA
The CRA will also never ask you to provide your personal information by email. If you receive such a request, do not respond and delete it from your Inbox.
Know what to expect when the CRA contacts you, what we may or will not ask for, as well as examples of recent CRA-related scams.
Scams and fraud - CRA
Page details
- Date modified: