Multi-factor authentication (MFA) - FAQs
Multi-factor authentication (MFA) - FAQs
National
Heavy
Vehicle
Regulator
What is multi-factor authentication (MFA)?
Multi-factor authentication (MFA) is a security measure that requires two or more verification methods of identity to gain access to an online account. It is one of the most effective ways to protect valuable information and accounts against unauthorised access. Many online services, such as online banking or social media sites, require MFA for a user to log in.
While passwords are everywhere and offer the simplest solution to restrict account access, they are no longer enough to ensure protected data privacy. Having two or more authentication factors increases cybersecurity and makes it harder for a cybercriminal to access a user’s account.
For example, if you are logging into an account that does not have MFA enabled and a hacker figures out your password, they can easily gain access to your account. With MFA, the hacker would need to enter both your password and a unique, one-time code sent to your mobile. This makes it much more difficult for cybercriminals to access your account.
Why does the NHVR Portal need MFA?
The NHVR is committed to protecting customer data and privacy. As part of maintaining a secure online environment, the NHVR is embedding MFA into the NHVR Portal login process.
The Portal is the NHVR’s digital platform that houses not only important road mapping and access data, but also private customer information.
Through the Portal, users may enter and access their registration data, permit applications, vehicle applications and more. With MFA, this data will be better protected and decrease the likelihood of leaked personal information in the event of a cybersecurity breach.
When will I need to start using MFA?
From December 2024, all new Portal users will automatically use MFA to log into the Portal.
MFA will be optional for existing customers until 1 March 2025. After this time, all users must complete MFA as part of the Portal login process. However, users are encouraged to begin using MFA when they see the optional banner appear on their Portal login page. The earlier you begin using the MFA process to log in, the more secure your account will be.
Note: Users must reset their password to ensure it meets password security requirements the first time they use MFA to log into the Portal.
Do road managers need to use MFA?
Every Portal user – both industry and government - must complete MFA each time they log into the Portal.
What options are available to use MFA?
The options for MFA include SMS, phone call and email.
The SMS and email options generate a unique code that is sent to either the customer’s mobile or email account for them to enter. For phone verification, users receive a phone call and must press the hash key (#) to complete verification.
Customers are encouraged to register a device they have regular access to when they nominate a verification mode. Users can also enrol multiple verification methods.
Do I need to use MFA every time I log into the Portal?
Customers must muse MFA each time they access the Portal. Once you have logged in, you do not need to authenticate again unless the session has timed out or ended.
Cybersecurity best practice involves signing out of your online accounts when you are not using them.
MFA generally points to a single device the account holder has. If an operator or council has users accessing or using a single, shared account, how can they use MFA?
During the rollout of MFA and for the immediate future, users accessing the Portal from a shared account can choose the email option, then access their unique code from a joint or shared inbox. Multiple users can log into the Portal using a shared account at once.
The NHVR will revisit this protocol in the future to enhance security measures.
Does an MFA code expire?
If an MFA code is missed or sent to a customer’s junk email, they may press the option to resend the code.
If a code is resent, the old one becomes invalid.
How can I seek support from the NHVR?
If you have any questions, please contact the NHVR team on 13 NHVR (13 64 87) or email info@nhvr.gov.au
The NHVR’s privacy policy can be found at https://www.nhvr.gov.au/law-policies/privacy
Where can I find out more about MFA?
Visit the Australian Cyber Security Centre’s website: https://www.cyber.gov.au/protect-yourself/securing-your-accounts/multi-factor-authentication.