Two-Factor Authentication: A New Security Standard

SARS has recently introduced additional security measures to prevent unauthorised access and protects sensitive taxpayer data from fraudulent activities.

The new two-factor authentication applies to all individual eFiling profiles, requiring users to authenticate their login attempts using two different methods:

1. First Layer – Users enter their username and password.

2. Second Layer – Upon successful validation of the credentials, a One-Time-Pin (OTP) is sent to the user’s registered security contact details (email or mobile number). Once the OTP is correctly entered, access to the eFiling profile is granted.

In addition, all new and changed passwords must meet the following criteria:

• Contain a minimum of 8 characters

• Include at least one uppercase, lowercase, numeric and special character

• Exclude personal information (like name / surname / email address / username);

• Exclude repetitive or sequential characters (like “aaaaa” or “12345” etc).

A password meter has been added to give eFilers a visual indication of the strength of the password.

For more information, see the updated SARS Guides:

• How to Register for eFiling and Manage Your User Profile

• How to register for the use of the SARS MobiApp

For a detailed walkthrough of the two factor authentication process on SARS eFiling you may find the following video helpful: