CAC Issues New Step to Access iCRP Account After Cybersecurity Breach

• CAC implements mandatory password resets and Two-Factor Authentication for iCRP users
• New security measures aim to prevent unauthorised access following the recent cybersecurity breach
• Support channels are available for users needing assistance with the new login process

Pascal Oparada is a journalist with Legit.ng, covering technology, energy, stocks, investment, and the economy for over a decade.

The Corporate Affairs Commission (CAC) has rolled out a critical security upgrade to its Integrated Company Registration Portal (iCRP), requiring all users to reset their passwords and activate Two-Factor Authentication (2FA) before regaining access.

The move comes in response to a recent cybersecurity breach and subsequent system maintenance, with the commission emphasising the need to strengthen data protection and prevent unauthorised access.

The update affects all users of the portal, including business owners, lawyers, and agents who rely on the platform for company registration and compliance services.

Read also

CBN, NCC sign MoU to combat SIM fraud, strengthen consumer protection in Nigeria

Mandatory password reset for all users

To regain access, users must first reset their existing passwords. This is a one-time requirement designed to ensure that compromised credentials are no longer valid.

Users are advised to visit the official iCRP portal and click on the “Forgot Password” option on the login page.

After entering their registered email or username, a reset link will be sent to their inbox. Once received, the link allows users to create a new, stronger password.

CAC recommends using a combination of uppercase and lowercase letters, numbers, and symbols to enhance password strength.

Users should also ensure their registered email addresses are active and check spam folders if the reset email does not appear immediately.

Introduction of app-based two-factor authentication

Beyond password changes, the commission has introduced a second layer of security through Two-Factor Authentication (2FA).

This replaces simpler verification methods, such as email-based one-time passwords, in many cases.

Read also

Step-by-step guide on checking 2026 UTME results released by JAMB

The system now relies on time-based authentication codes generated through apps like Google Authenticator.

After resetting their password and logging in, users will be prompted to set up 2FA.

The process involves scanning a QR code displayed on the portal using the authenticator app. Once linked, the app generates a unique six-digit code every 30 seconds, which must be entered during login.

This additional step significantly reduces the risk of unauthorised access, even if login credentials are compromised, according to a Punch report.

Step-by-step login process

To complete the setup and access your account, follow these steps:

First, visit the iCRP portal and reset your password using your registered email. Next, log in with your new credentials.

Upon login, you will be prompted to enable 2FA by scanning a QR code with an authentication app.

After linking your account, enter the generated six-digit code to verify your identity. Once completed, you will be redirected to your dashboard.

For future logins, you will need both your password and a current authentication code from your app.

Read also

Airtel Nigeria sends message to customers about airtime, data borrowing services

Key tips to avoid access issues

CAC has urged users to take extra precautions while navigating the new system.

Strong passwords should never be shared, and backup codes from authentication apps should be stored securely in case of device loss.

Users experiencing delays in receiving password reset emails should verify their email accuracy and check junk folders. Additionally, demonstration videos explaining the new login process are available on CAC’s official platforms.

Support channels for assistance

For users who encounter difficulties, the commission has provided support channels through its call centre and email helpdesk.

Assistance is available to guide users through password resets and 2FA setup.

A safer, more secure portal

The new security framework ensures that users can safely access critical services such as company registration, annual returns filing, and business record updates.

While the process introduces extra steps, it reflects a broader push toward stronger digital security standards in Nigeria’s corporate ecosystem.

Read also

FCCPC cracks down on loan apps: 7 Key rules reshaping Nigeria’s digital lending market

CAC removes 400,000+ non-compliant firms

Legit.ng earlier reported that the Corporate Affairs Commission (CAC) has removed more than 400,000 companies from Nigeria’s official business register over issues of inactivity and non-compliance during 2025.

This disclosure was made by the Registrar-General of the commission, Hussaini Magaji, while addressing participants at a “Celebration Walk” organised by the CAC on Saturday in Abuja, according to the News Agency of Nigeria (NAN).

Magaji explained that the mass delisting was part of a deliberate effort to sanitise the commission’s database and ensure that only active, law-abiding entities remain on the national register.

Source: Legit.ng