Multi-factor authentication to access CRA login services

If your CRA user ID and password have been revoked

Some taxpayers may have received a notification that their CRA user ID and password have been revoked. Visit CRA user ID and password have been revoked for more information.

On this page:

What is multi-factor authentication?

Multi-factor authentication is an enhanced security measure that was implemented throughout our CRA login services. When prompted to enroll in multi-factor authentication, users will need to provide at least one cell or landline phone number. Users will then be sent a one-time passcode that is required to be entered each time they log in to our online services. This code is good for a single log in session. A new one-time passcode will be sent via SMS or provided in an automated message to the phone number provided, each time a user attempts to log in to the CRA login services in the future.

How do I add multi-factor authentication to my online services?

You can add multi-factor authentication to your CRA login services by logging into My Account, My Business Account, or Represent a Client and following these instructions.

My Account

  1. Once logged in, select Personal profile from the top banner.
  2. On the Personal profile page, you will find the CRA security options section.
  3. Select Continue on the Multi-factor authentication settings.

My Business Account

  1. Once logged in, select Business profile from the top banner.
  2. On the Business profile page, you will find the CRA security options section.
  3. Select Continue on the Multi-factor authentication settings.

Represent a Client

  1. Once logged in, select Review and update from the left hand navigation bar or under the Administration heading.
  2. On the Review and update RepID page, select the RepID information tab.
  3. Then select Manage your multi-factor authenticate settings.

If you are unable to access our online services to update the phone number you provided for multi-factor authentication, contact us.

How do I use the multi-factor authentication feature to access my CRA login service?

CRA login

  1. Enter your user ID and password.
  2. If asked, go through the captcha security process. To help distinguish between human users and bots, this security feature will require individuals to identify specific images, before being granted access to online services.
  3. Answer a security question (If you select ‘Do not ask me a security question each time I login using this device,’ you will not see this page in the future when using the same device or browser to login).
  4. Click ‘next’ when taken to the Last CRA login page.
  5. First you will be required to enroll in the multi-factor authentication process. To enroll, you will need to provide at least one cell or landline phone number.
  6. Once you receive your one-time passcode via SMS or automated message to the phone number you provide, enter it. This process will need to be repeated for future login attempts.
  7. You are now logged in!

Sign-In Partner login

  1. Choose the Sign-In Partner option to login.
  2. On the Government Sign-In by Verified.Me page, select the financial institution you wish to use.
  3. At the financial institution’s site, enter the required sign-in information.
  4. You are returned to the CRA.
  5. First you will be required to enroll in the multi-factor authentication process. To enroll, you will need to provide at least one cell or landline phone number.
  6. Once you receive your one-time passcode via SMS or automated message to the number you provide, enter it.
  7. You are now logged in!

BC Services Card

  1. Choose the BC Services Card option to login.
  2. Consent to let BC share information with the CRA.
  3. On the BC Services Card login page, complete the login process.
  4. You are returned to the CRA.
  5. First you will be required to enroll in the multi-factor authentication process. To enroll, you will need to provide at least one cell or landline phone number.
  6. Once you receive your one-time passcode via SMS or automated message to the number you provide, enter it.
  7. You are now logged in!

Why do I now need to enter a one-time passcode to access my online account?

The CRA has introduced a multi-factor authentication process to enhance the security of its online services, and ensure the safety and protection of taxpayer information.

What if I didn’t receive my one-time passcode?

If you did not receive your one-time passcode you can ask for it to be resent. If the issue continues, please contact us.

Can I disable the multi-factor authentication feature?

If you cannot use the multi-factor authentication feature there is no online option to disable it. For assistance, please contact us.

What if I don’t have access to text message or a landline?

If you do not have access to text message or a landline, please contact us.

Do I need a mobile phone to use multi-factor authentication?

No, you don’t need a mobile phone to use multi-factor authentication and receive your one-time passcode. You can also use your landline and receive your code by automated message. However, at this time you can only use numbers supplied by telephone providers (i.e. landline or mobile phone).

Can I use a VoIP service with multi-factor authentication?

Yes, however some VoIP services may not be compatible with the CRA’s multi-factor authentication service. If you experience difficulty receiving the one-time passcode, please choose the telephone call delivery option.

How do I update the phone number I provided when I enrolled in multi-factor authentication?

You can manage the phone number you provided by selecting the multi-factor authentication settings within My Account, My Business Account and Represent a Client.

Can I receive my one-time passcode by email for multi-factor authentication?

At this time, there is not an option to receive your one-time passcode by email. Once you’ve enrolled, it will be sent by SMS or automated message to the cell phone or landline number you provide.

Can I use an international phone number to receive one-time passcode with multi-factor authentication?

No, at this time you cannot use an international phone number to receive your one-time passcode with multi-factor authentication. If your number is based outside Canada or the United States, please contact us.

What should I do if I have been locked out of my account?

If your account becomes locked due to entering the wrong passcode too many times, contact us to have your account unlocked.

Will the CRA keep the phone number I provided on file and use it for communication at a later date?

The phone number you provide for multi-factor authentication will only be used to send you your one-time passcode. The CRA does not keep your phone number on file for communication at a later date.

What does it mean when I see "Standard message or data rates may be charged by your telephone service provider”? Is there a charge to receive the one-time passcode?

The CRA does not charge for this service, however your provider may charge standard message and data rates. Check with your provider if you have questions about your plan and costs.

As a representative, how will multi-factor authentication affect my day-to-day job?

We understand that representatives have different needs and limitations than individuals. As we progress with implementing multi-factor authentication for representatives, we’re working to ensure that your feedback is addressed and questions are answered.

What is a one-time passcode?

Once enrolled in multi-factor authentication, you are required to enter a one-time passcode each time you log in to our online services. This code is good for a single log in session. A new one-time passcode will be sent via SMS or automated message to the phone number provided, each time you attempt to log in to our CRA login services in the future.

Report a problem or mistake on this page
Please select all that apply:

Thank you for your help!

You will not receive a reply. For enquiries, contact us.

Date modified: