Join
Join

Taking steps to protect you online

All of our digital platforms come with robust security features, including multi-factor authentication, to protect your funds and personal data.

A woman in a modern office focused on her tablet.
Phishing, mobile phone hacker or cyber scam concept. Password and login pass code in smartphone. Online security threat and fraud. Female scammer with cellphone and laptop. Bank account security.

Keeping your data secure

We're committed to keeping your accounts and data safe across our digital platforms using multi-factor authentication, including: 

The same controls extend to products accessed through Member Online and the mobile app, including: 

  • Choiceplus, our direct investment option  
  • SuperSmart, our digital advice platform, and 
  • our insurance portal where members can manage their cover.  

What is multi-factor authentication?

To safeguard the security and privacy of your Hostplus details, we require multi-factor authentication (MFA) for each login. It’s one of the most effective security measures, as it requires you to provide at least two different types of verification to access your account. 

What does this mean for you?

MFA requires additional information when you log in to Member Online or Pension Online, our mobile app, or other Hostplus portals. 

Using our online portals 
When registering to use our online portals, you’re asked to choose a password, then set up an MFA verification method. For Member Online and Pension Online, you can receive your one-time PIN (OTP) as a key component of your MFA via the following options: 

  • an SMS sent directly to your mobile 
  • voice call authentication, with the OTP communicated in a voice call to your mobile or landline
  • an authenticator app, like Google Authenticator or a similar secure solution, allowing you to receive an OTP even when outside mobile network coverage (expected to be available from mid-May 2025). 

Each time you return to Member Online or Pension Online, a new OTP will be sent to you via your preferred method. You can change your OTP preference any time after logging in to your account and can register multiple options for flexibility. 

Using our mobile app 
For the Hostplus mobile app, you’ll receive an OTP only for your initial registration. Once registered, the app uses a secure digital certificate instead of OTP. Instead of a password, you can choose a PIN or a biometric authentication using fingerprint or face ID to log in. Your biometric information is stored only on your device and is not accessed by the app, ensuring privacy and security. 

FAQs

Authenticator apps generate a random OTP and are more secure than receiving a code by SMS. Popular options include Google Authenticator, Microsoft Authenticator, Okta Verify, Authy Authenticator and LastPass Authenticator. You can set up MFA for Member Online using your existing authenticator app via the QR code or registration code in your Member Online portal.

If you don’t have an authenticator app, you can install one of the apps mentioned above, or another reputable free authenticator app, from your mobile app store. You'll also still be able to receive an OTP via SMS or voice call. For more details, read the government’s advice on MFA

We recommend installing the authenticator app on your mobile phone only, as it’s a personal device that’s always with you and generally less prone to malware than PCs. 

You can choose to receive an OTP via SMS or voice prompt. 

We require you to set up an OTP for accessing Member Online and Pension Online, and for registering for the Hostplus mobile app, because we’re committed to ensuring appropriate security standards for all our members’ data and privacy. Once registered, the mobile app provides seamless access to your account without using OTP. 

Search for ‘Hostplus’ on Google Play or the Apple App Store. Click here for more details

No. Once you complete your MFA setup, it will apply to both platforms. However, your OTP will be triggered each time you log in to web-based online portals like Member Online and Pension Online. 

The service is a free security feature and we won’t charge you for the voice call or SMS. Some mobile network providers may charge fees if you’re overseas and using global roaming. We recommend using an authenticator app for OTP, as it doesn’t require a data connection and is more secure than SMS. 

Yes, the OTP generated through Member Online or Pension Online will expire three minutes after it’s delivered via SMS or voice call. An OTP generated by an authenticator app will expire after 30 seconds. After an OTP expires, you’ll need to generate a new one. 

Yes, if you change your mobile number, you’ll need to reset your MFA.   

You can change your mobile number via the mobile app, Member Online or Pension Online.   

Once you’ve changed your number, follow these steps to reset your MFA in Member Online or Pension Online:   

  1. Go to ‘My profile’, then ‘Manage Multi-Factor Authentication’ and select ‘Reset’. You’ll then be logged out of Member/Pension Online. 
  2. Log back in to Member/Pension Online. An MFA code will be sent to your new mobile number so you can log on securely. 

Click 'Forgot password' on the Member Online or Pension Online login screen and follow the prompts to reset your password via email.

The mobile app does not use a password to log in after the initial setup.

Helpful resources