CRA sign-in services help - Keep your CRA sign-in services secure

The CRA has many supports in place to help you keep your CRA sign-in services secure.

On this page

Manage your CRA security options

You can manage your security options online depending on which sign-in option you chose:

CRA user ID and password

Once you are signed in to a CRA sign-in service, you can manage any of the following CRA security options:

  • Change CRA user ID
  • Change CRA password
  • Change CRA security questions and answers
  • Revoke CRA user ID
  • Update additional security feature preferences
  • View recent CRA sign-in history
  • View the Terms and conditions of use
Sign-In Partner

For any updates to your banking credential or security questions, contact your financial institution.

You can manage the following security options:

  • Change your sign-in option by revoking your credential or switching your Sign-In Partner
  • Create/edit/delete a PIN after you sign in (My Account only, through your Profile)
  • Update your multi-factor authentication (MFA) options after you sign in:
    • In My Account and My Business Account through your Profile
    • In Represent a Client under the RepID information tab in the Review and update menu

For more information: About Sign-In Partners

Provincial partner

For any updates to your credential, contact your provincial partner.

Once you are signed in to My Account, you can manage the following security options through your Profile:

  • Create/edit/delete a PIN
  • Alberta only: Update your multi-factor authentication (MFA) options

For more information: About provincial partners

Do not share your personal information

You can contribute to the security of your personal information by keeping your personal information confidential.

Do not share your SIN, personal tax information, CRA security code or your CRA user ID and password with anyone. All pieces of information should be kept confidential. The person to whom the SIN belongs must be the one using the online service, since the required information can be used to change personal information on file with the CRA.

Do not send confidential information to the CRA by email. Our email does not have secure transmission capabilities.

Ensure your security after an online session

Don't forget to click Sign out once you are finished accessing our services.

If you are using a computer available in a public location (for example, a library) you should clear the browser's cache or close and reopen the browser. Information stored in the browser's cache is not encrypted, so clearing the cache helps to ensure the security of your information.

Clearing your cache will remove any cookies that are stored on your computer's browser. This means that each time you sign in using that computer, you will have to answer one of the security questions you already chose.

Learn more: Access online services safely

Watch out for suspicious activity in your CRA sign-in service

You should monitor your CRA sign-in service for any suspicious activity.

Learn more about what to look out for: Protect your CRA accounts

Scam prevention and the CRA

The CRA will also never ask you to provide your personal information by email. If you receive such a request, do not respond and delete it from your Inbox.

Know what to expect when the CRA contacts you, what we may or will not ask for, as well as examples of recent CRA-related scams.
Scams and fraud - CRA

Page details

Date modified: