What is TFA?
Two-Factor Authentication (TFA, 2FA), also known as Multi-Factor Authentication (MFA), is mandatory on the GovCMS platform. We operate in accordance with the Information Security Management (ISM) guidelines set by the Australian Cyber Security Centre.
TFA enhances account security by requiring two distinct methods of verifying a user’s identity.
The GovCMS platform has been assessed by an InfoSec Registered Assessors Program (IRAP) member, ensuring compliance with both the ISM and the Protective Security Policy Framework (PSPF) for handling data classified up to OFFICIAL: Sensitive.
The Australian Cyber Security Centre website has more information on the how and what of multi-factor authentication.
Why do we need TFA?
TFA is one of the most effective measures to prevent unauthorised access to user accounts. It is particularly critical for sites that allow public user logins, where the risk of compromise is higher.
- Mandatory for SaaS sites: All GovCMS Software as a Service (SaaS) sites must use TFA.
- Strongly recommended for PaaS sites: Organisations using Platform as a Service (PaaS) are encouraged to enable TFA to strengthen their site's security posture.
Instructions for setting up TFA can be found in the GovCMS Service Desk knowledge base.
Lost access?
If you’ve lost access to your TFA method and no longer have your one-time recovery codes:
- Standard users: Contact your Site Admin to reset your TFA.
- Site Admins: Submit a request through the GovCMS Service Desk for assistance.