In an increasingly connected environment, protecting access to shared systems is everyone’s responsibility. To strengthen account security, we’re introducing multi‑factor authentication (MFA) - an extra verification step designed to keep your login protected from unauthorised use.

To ensure a smooth experience for every type of user, we’ve set up two authentication options based on how you access your account.

If MFA is required, you will be prompted to set it up when you next log in to the platform. Regardless of how many accounts you have access to, you will only need to set up MFA once per user, per platform domain.

Use this preferred option if you do not share your login email with others.

You will then be redirected to an Authenticator page similar to the one below.

5. Google Authenticator: Open the Google Authenticator App on your phone.

6. Add New Account: Tap the plus (+) icon in the bottom right corner to add a new account.

7. Scan the QR Code: Choose the option 'Scan a QR code'. If prompted, allow the app to use your device’s camera. Hold your phone up to the QR code shown on your screen. The app will scan it automatically. Once scanned, the app will display a six‑digit code for your account.

OR

Enter Setup Key Manually: If your camera isn’t working or you’re completing setup on the same device, you can use a manual setup key instead.

To do this select 'Enter a Setup Key' in the Google Authenticator App. In the Account name field, type something recognisable like 'ATDW'. In the Key field, enter the setup key exactly as shown. Tap 'Add' to complete the setup.

The app will now display a six‑digit code for your account.

8. Enter the Code: Enter this code on the setup screen (shown below) Remember to tick the box next to 'Don't ask me again for 7 days', then click 'Submit'.

If you can’t access your authenticator app or device, select 'Choose another authentication method' to switch to email verification.

Use this option if you share your login email with others or if you do not have access to your Google Authenticator app.

If you can’t access the email, or the verification code, select 'Choose another authentication method' to switch to Authentication using an Authenticator app.

The additional Multi Factor Authentication requirement is being rolled out in stages across select user groups (See: Who Needs to Use MFA?).

If you are not seeing MFA option when logging in, you are either a standard user (i.e. a tourism business or distributor), or your organisation type has not yet been included in the rollout of MFA.

When setting up Multi-Factor Authentication (MFA) on our platform, we recommend using Google Authenticator. This app is simple to install and widely supported across devices.

Users can however use any standard time-based one-time password (TOTP) authenticator app that supports QR-code scanning. This includes Microsoft Authenticator, or Apple Authenticator (available on iOS)

Each of these apps can be downloaded for free from the Apple App Store or Google Play Store. Once installed, you can either scan the QR code provided on screen during setup or manually enter the setup key displayed to you.

Yes. Anytime you are logging in, you are given an option to select 'Choose another authentication method' to select the alternative verification method (shown below).

Multi Factor Authentication is required once per user per domain, not for each organisation or role. Meaning that if you are linked to multiple State or Territory Tourism Organisations or Visitor Information Center (VIC) organisations, you only need to setup MFA once.

Yes, in instances where multiple users are logging in using the same email address, we recommend you set up MFA using Email.

Use the links below to access official Authenticator App support: