Knowledge Base

TaxCalc Blog

News and events from TaxCalc

Steve Checkley (22)
11 April 2016

New Addition to HMRC Government Gateway Security

As part of HMRC’s Making Tax Digital strategy, we have been expecting security improvements to be made to taxpayers’ access to their online accounts via the Government Gateway.

On 29 March 2016, HMRC introduced a new optional layer of security that introduces a mobile phone into the logging in process for Individual taxpayers.

To be fair to HMRC, this form of two factor authentication is becoming pretty standard practice in the online world. Those of us that use online banking usually have a little device that can generate a code to allow access. The chances are that a third party has access to such a device or a mobile phone are incredibly slim.

How do taxpayers set this up?

HMRC are rolling this out over several weeks. However, when live on their account, once a taxpayer has logged in to their online accounts, they will find an option to activate the service. From there, it’s a matter of following the onscreen steps.

The feature isn’t mandatory. HMRC recognise that not all taxpayers will want this, perhaps because they don’t have a mobile phone or don’t have a signal. Nonetheless, it seems that some 600,000 taxpayers opted into this additional security last January.

If someone no longer has access to their mobile phone (such as they lose it or change numbers), they can reset it using HMRC’s Online Services Helpdesk.

Agent credentials

Another aspect of the introduction is that it will make it harder for a very small minority of agents that use their clients’ Government Gateway credentials to file tax returns on their behalf.

Strictly speaking, it is not correct or advisable that this practice carries on and, indeed, accountants can obtain their own credentials. Adding another layer of security makes it even harder for such agents to avoid obtaining their own credentials.

What should we expect to happen in the future?

It is highly likely that logging in using a mobile phone will be extended to other users of HMRC’s online service. This may include accountancy practices.

We also consider it likely that HMRC will introduce two factor authentication in its new API authorisation processes. Back in January, my colleague Greg Case, wrote about these and how they will present themselves in TaxCalc.

Print this article
8 people like this

Share this article:


CommentLog in
You must log in to comment.

kilrail (8 years ago)

It seemed mandatory to me. I wanted to change address and it insisted on 2 stage security. A P60 figure and a mobile phone number to send a 6 digit code to continue. As I live in Spain I gave a Spanish mobile (there was a field for Country and it displayed the correct Country code). However after 3 attempts no text received with a code. I used a UK mobile and received a text straight away. Then after all that I discovered you cannot amend an overseas address anyway!!!
Comments are subject to house rules

How to subscribe

Get the TaxCalc news as soon as we publish it!

To sign up, please log in or create an account.

Log in

How to comment

If you already have a TaxCalc account, you can comment on any articles written here.

To avoid using your actual name, you can create a special ID. Just log in and visit your customer account to create it.

Create your ID