HMRC calls for more care with tax log-in details
Her Majesty's Revenue and Customs is warning users of its online filing system that they need to keep their log-in details as safe as they would a PIN for a cash card. The warning comes because a small number of users have had their details and passwords used to make fraudulent claims. But the Revenue remains confident in the …
Really? I just heard they've jacked their "security and stability" project. Can't be that much of a priority for them can it.
Don't have anything to do with on-line assessment. Send them your return on paper.
True, they'll probably leave it on a bus, or lose a skipload at once.
But it's a read-only format. Any changes made tbetween my signed paper and the data in their computers are unquestionably their fault, either for screwing it up themselves or for failing on the computer security front.
I have two accounts, one personal and the other for my ltd co.
the user names are useless - impossible to remember so I have to keep the little cards with the full thing on, or keep them in a txt file so I can cut and paste.
At least they aren't guessable.
AE59NULABIA5UK5
Are you sure you didnt leave the HMRC login database. Unencrypted in the pub car park last night. When you went to "wet thy whistle"
No mention of those phishing emails purporting to come from HMRC. I get around one a month.
You to sign up to use a special HMRC email address as part of the on-line self assessment process.
In the Terms and Conditions it states that you must agree to regularly check the HMRC email address.
So they can get their fingers into your life without having to send you official correspondance in the form of a letter.
I got as far as that and decided, "fuck that for a game of soldiers" and sent them my paper tax return in the post.
... because their systems are Microsoft systems that are horribly broken, and don't comply with RFC2822 - so as the local part of my e-mail address as used for HMR&C correspondence is, yes, you've guessed "hmr&c" (perfectly legal as defined by RFC2822 but declare an "illegal e-mail address" by Microsoft's electric Meccano), I can't register or log in.
Of course, the HMR&C tech support droids couldn't appreciate the irony of the long exchange of e-mails about this issue to exactly that e-mail address, with (of course) no difficulties on either side whatsoever... :-(
Their position is that "this is as specified in the GovTalk standard in the UK", GovTalk being not a "standard" at all, but a Microsoft specification for public sector systems to protect their amateurishly-written operating systems, to allow for the gaping security vulnerabilities in Windows arising from use of the ampersand (&) character.
I don't see the issue, Microsoft could just produce a (much more secure and reliable) Linux-hosted system... :-)
