Safe yourself! From October 2025, 2FA is mandatory for finance online!

Safe yourself! From October 2025, 2FA is mandatory for finance online!

Österreich - From February 2023, the two-factor authentication (2FA) is available for the Finanzonline web service via app. This security measure will be mandatory for all users from October 1, 2025. Both access data must be entered and a second confirmation step for the identity check must be carried out. The aim of this measure is to increase the security level for personal data in tax matters, reports OE24 .

The Ministry of Finance recommends the ID Austria as the main option for 2FA, but also offers alternatives. Users are able to log in via authenticator apps such as Google Authenticator or Microsoft Authenticator. To register the second device, a QR code must be scanned in Finanzonline. However, the mandatory change is criticized by older people who may feel overwhelmed. Authorities see the increased security standards without an alternative.

Restoration of the 2FA

In the event that users have no access to their registered device, there are two ways to restore the two-factor authentication. The first way is when there is a recovery code. When registering, a PDF is downloaded with this personal error code. In order to reset the 2FA, the user logs on to Finanzonline, the option "I have no access to my registered device" selects and enter the recovery code. This allows a new device to be registered.

If the recovery code should have been lost, the login page must first be called up by Finanzonline. The "Password or blocked" option can be selected there. Then entering the social security number, an official photo ID and the username are required. After the reset, an initial fun word is made available with which the users can register and set up the 2FA again, reports the BMF .

Technical background to 2FA

The two-factor authentication is a procedure that offers many online service providers for additional identification in addition to passwords. There are different variants of the 2FA: it can add an additional factor to the password or completely replace it with a combination of two factors. A password is often entered in authentication, followed by further confirmation to prevent unauthorized access. The Federal Office for Information Technology (BSI) Recommends the 2FA to avoid identity theft and data loss.

In addition, the BSI explains that factors should come from different categories: knowledge (e.g. password, pin), possession (e.g. chip card, tan generator) or biometry (e.g. fingerprint). The most common systems of 2FA are TAN/OTP systems, cryptographic tokens that store private keys, as well as biometric systems for checking physical features.

Although 2FA offers increased security, it extends the registration process, and the loss of the possession -based factor can limit access. It is therefore recommended to store several “second factors” to ensure access in an emergency.