CRA sign-in services help - Multi-factor authentication (MFA)
Multi-factor authentication (MFA) increases the security of the CRA sign-in services by requiring you to enter a one-time passcode every time you sign in. MFA is mandatory for all users who wish to use the CRA sign-in services.
On this page
MFA Options
You will be prompted to enroll in MFA when you register.
You can choose to enroll with one of the following options to get your one-time passcode:
You can choose one or more of these options when you enroll. You can also choose additional methods later by signing in and selecting Multi-factor authentication settings in your Profile.
If your account becomes locked
If your account becomes locked due to entering the wrong passcode too many times, you will be temporarily locked out for 30 minutes. After that period, you can try again. If this happens 3 times, you will be permanently locked out, and will need to contact us.
Get your passcode by phone
If you choose to enroll with the phone option, you will need to provide at least one cell or landline number. Each time you sign in, a new one-time passcode will be sent to the phone number selected.
You can use VoIP to get your passcode
You can use a VoIP service with multi-factor authentication. However, some VoIP services may not be compatible with the CRA’s MFA service. If you can’t get the one-time passcode by text, choose the “Call me” delivery method.
You can use an international phone number to receive your passcode
You can receive your passcode to phone numbers based within North American countries that participate in the North American Numbering Plan (countries that an individual can call from Canada by dialing 1 + 10 digits). The phone number must be supplied by telephone providers.
Phone numbers in the following countries can receive a passcode:
- American Samoa
- Anguilla
- Antigua and Barbuda
- Bahamas
- Barbados
- Bermuda
- British Virgin Islands
- Canada
- Cayman Islands
- Dominica
- Dominican Republic
- Grenada
- Guam
- Jamaica
- Montserrat
- Northern Mariana Islands
- Puerto Rico
- Saint Kitts and Nevis
- Saint Lucia
- Saint Vincent and the Grenadines
- Saint Maarten
- Trinidad and Tobago
- Turks and Caicos Islands
- United States
- United States Virgin Islands
Alternately, you can enroll with the passcode grid or third-party authenticator app options and you do not need access to a phone at all.
When you sign in, you can choose to receive your one-time passcode by:
-
Text message Option 1 of 2
Open the text message first, then use the passcode from the body of the message.
The CRA does not charge for this service, however your provider may charge standard message and data rates.
-
Phone call Option 2 of 2
Your passcode will be verbally told to you in an automated message from a toll-free number.
If you did not receive your one-time passcode, you can:
- Ask for it to be resent or sent to a different phone number that you have already enrolled
- Try the Call me option instead of Text me if you are using a VoIP service
- Use the passcode grid if you are already enrolled with that option
- Use the third-party authenticator app if it is already set up
If you still can't receive your one-time passcode, you will have to contact us.
Get your passcode by passcode grid
If you choose to enroll with a passcode grid, the system will generate a unique passcode grid for you. You will use this grid every time you sign in, so you must either save it or print it.
The passcode grid is a table made up of numbered rows and lettered columns, similar to a Bingo card. We will ask for combinations (for example, B,1; A,3) to create your one-time passcode. We will ask for 3 of these combinations each time you sign in.
Your passcode grid will expire after 18 months. Before the expiry date, sign in and generate a new one in Multi-factor authentication settings.
If you lose your passcode grid or it expires, you will still be able to sign in if you have added the phone or authenticator app option for MFA. If you have not, you will need to contact us.
Get your passcode with a third-party authenticator app
If you choose to use a third-party authenticator app, you will need to download an app that is compatible with the CRA sign-in services. The app store offers many free third-party authenticator app options to choose from.
Using the app, scan the provided QR code with a mobile device when prompted. If you are unable to scan the QR code, you can manually enter the setup key the CRA provides into the app. The app will now be set up and you will not have to complete this step again.
The app will then generate a 6-digit time-based one-time passcode for you to sign in with. For security, the app will generate a new passcode every 30 seconds.
Update your MFA settings
After you sign in to My Account, My Business Account or Represent a Client, go to Multi-factor authentication settings to update your current MFA settings or enroll in additional MFA options. You can:
- Add or change a phone number for MFA
- Change your language settings
- Add or remove an MFA option
- Generate a new passcode grid
Enroll in multiple multi-factor authentication (MFA) options
We recommend that you enroll in more than one option, although only one option is required. Enrolling in multiple MFA options will help ensure that you can still access the CRA sign-in services if you change your phone number, misplace your passcode grid, or delete the third-party authenticator app.
You must have access to the CRA sign-in services to make changes to your MFA settings.
If you can't receive your one-time passcode
If your phone number has changed and you can no longer receive your one-time passcode to that number, you can use another MFA option if you are already enrolled with that option.
If you don't have access to your old phone number and you are not enrolled with another MFA option, you will have to contact us.
Page details
- Date modified: