CRA Security Code: How To Get Yours (2024)

Canadians’ personal tax returns are typically due towards the end of April, usually by the third or fourth week of the month.

During this time, a lot of CRA security codes will be issued to Canadians who need to reset their passwords, log into old accounts, or create new accounts with the CRA.

A CRA security code is a temporary, unique code that’s sent to Canadian taxpayers by the CRA. This code can either be sent via text or email, and is used as a form of two-factor authentication.

Below, I’ll explain a bit more about why the CRA uses these security codes, when you’ll need to use a CRA security code, and show you how to create a new CRA My Account using your code.

What Is A CRA Security Code?

In short, your CRA security code helps keep your account safe by ensuring that it’s really you who’s logging into your account. Each CRA security code is an 8-digit number that’s randomly generated and temporarily linked to your CRA My Account.

This code is often used to help verify your identity when logging into your account or making important changes to your CRA account.

Once the code has been used for its intended purpose, it’s invalidated and recycled to be used as a code for other CRA taxpayers.

What Is Two-Factor Authentication?

The CRA security code is a type of two-factor authentication (or 2FA) that’s designed to cut down on fraud and identity theft. Whenever you’re creating a new CRA My Account, for example, you’ll be asked to provide a contact phone number and/or email address.

To verify that your phone number or email address is legitimate (and isn’t a bot account), the CRA will send a security code to the provided number or email address. You’ll be given a limited amount of time to enter this code into the CRA’s system before the code is automatically invalidated.

This code does several things, including:

  • Verifies your phone number working
  • Verifies your email address is working
  • Verifies that the phone or email in question is owned by a real person
  • Ensures that the person is who they say they are by only allowing for a limited time window in which to enter the code

Can two-factor authentication be bypassed or hacked? Sure.

However, the hacker or fraudster in question would not only have to have all of your personal identification information but would need to have access to your email or cell phone as well.

The likelihood of this scenario happening is pretty rare, which is why the CRA uses security codes to authenticate its platform users.

When Do I Need To Use A CRA Security Code?

In 2020, the CRA and taxpayers were victimized by a major hacking attack. The attack compromised over 5,000 Canadian taxpayer accounts, leaking their private information to the attackers.

As a result, the CRA has spent considerable effort to rebuild its outdated system and create a more secure environment for its users.

Although the CRA has used security codes for years to verify new accounts, the system is now requiring users to input security codes for a number of different actions, including:

  • Submitting documents
  • Modifying your personal information (name, address, job, etc.)
  • Adding or removing tax representatives and accountants from your account
  • Registering a dispute with the CRA
  • Applying for child benefits
  • Setting up direct deposit for your tax refund and tax credits
  • Filing GST/HST rebates
  • Requesting a CPP ruling

Any action that you take that could significantly impact your finances, or that changes the personal information on your account will now require CRA online users to verify their identities with two-factor authentication.

How To Get Your CRA Security Code & Log Into Your CRA My Account

Wondering how to set up your CRA My Account and use your CRA security code to verify your account? Here’s a simple step-by-step guide on how to use your CRA security code to start filing and paying your taxes online.

Step 1: Visit The CRA Website & Register For A CRA My Account

CRA Website

Assuming that you don’t already have a CRA My Account, you’ll need to register for a new one. Thankfully, this process is relatively easy since the government of Canada keeps records of all of its residents.

To register for your first account, you’ll need to provide the following information:

  • Your full legal name
  • Your social insurance number (SIN)
  • Your postal code

From here, the CRA will be able to look up your account and start the sign-up process. If you’re having difficulty with this step, then you may need to call a CRA agent and speak to them over the phone, as your taxpayer records may not be correct.

Step 2: Create A Username & Password For Your CRA My Account

Once the CRA is able to verify your personal identity using your SIN, name, and postal code, you’ll be prompted to create a unique username and password.

You’ll use this account information to log into your account, so it’s a good idea to save your password somewhere safe, to avoid having to reset it in the future.

Step 3: Set Up CRA Security Questions & Answers

After verifying your username and password, you’ll be asked to set up several security questions and personal answers. In the event that you lose your password or are unable to receive a CRA security code, you’ll use these questions and answers to verify your identity with a CRA representative.

When setting up your security questions, I recommend choosing questions and answers that only you (and possibly those closest to you) know.

For example, if your public Facebook page states where you went to primary school, it’s not a good idea to select, “Where did you attend primary school?” as a security question.

Step 4: Receive Your CRA Security Code

After setting up your CRA security questions and answers, you’ll usually be asked to complete a final two-factor authentication. An 8-digit CRA security code will either be texted to your phone number or emailed to your registered email address.

You’ll then enter this code into the CRA form to verify your identity. After this, you should be able to fully access your account.

How Long Does It Take To Get CRA Security Code By Email?

How Long Does It Take To Get CRA Security Code By Email?

The CRA’s online platform is usually pretty quick. After it’s sent, your CRA security code should arrive via text or email within a couple of minutes.

If more than five minutes have passed, then you may need to request an additional code to be sent to you. Apart from errors on the CRA’s end, some of the reasons why you may have trouble receiving your code could include:

  • You have poor cellular service
  • Your wifi connection isn’t working properly
  • Your email inbox needs to be refreshed
  • Your phone’s SIM card is glitching, and your phone needs to be restarted

If you’ve tried to troubleshoot the issue using these methods, then the email address or phone number you have on file with the CRA may be incorrect. In this case, you’ll need to contact the CRA and speak to a representative on the phone to verify your account and regain account access.

Does My CRA Security Code Stay The Same?

CRA security codes are 8-digit numerical codes that are designed for one-time use. Each security code that you receive from the CRA will be completely unique and different from the previous code you received.

Partner and Provincial Partner for CRA

When using the Canada Revenue Agency (CRA) services online, you also have the option to sign in with a Sign-In Partner (SecureKey Concierge).

Sign-In Partners: Sign-In Partners are financial institutions that have partnered with SecureKey Technologies to enable their customers to use their online credentials (e.g., card numbers or usernames and passwords) to access Government of Canada services. There are several financial institutions acting as sign-in partners, including:

  • BMO Financial Group
  • Tangerine
  • Scotiabank
  • RBC Royal Bank
  • National Bank of Canada
  • TD Bank Group
  • Desjardins Group

Provincial Partners: These are digital ID services provided by some provinces to their residents, which can also be used to access federal services. Only the province of British Columbia offers this service through their BC Services Card.


CRA Security Code

The CRA uses a security code to help authenticate users’ identities and prevent hacks like the one we saw in 2020. So far, this simple method of two-factor authentication has done a good job of that, as there haven’t been any major hacks in the past few years.

Interested in learning more about how to become a tax expert in Canada? The first step is to become a chartered CPA (certified personal accountant).

Keep on reading to see my step-by-step career path on how to become a CPA in Canada next!

Photo of author
Author Bio - Christopher Liew is a CFA Charterholder with 11 years of finance experience and the creator of Read about how he quit his 6-figure salary career to travel the world here.

Check Out These Posts:

1 thought on “CRA Security Code: How To Get Yours (2024)”

Leave a Comment