Will we be able to log in with our Facebook accounts?
Her Majesty's Revenue and Customs (HMRC) has confirmed that it's ditching the Cabinet Office's new online ID system, and will be pushing forwards with its own replacement for Government Gateway. Sources previously informed The Register that HMRC was been building its own online authentication portal following the planned …
Will we be able to log in with our Facebook accounts?
No, publicly advertised data suggests that you are to use Google:
basilic5:~ $ dig +short mx digital.hmrc.gov.uk
There is, however, a niggling question hovering in the back of that idea. I don't expect Privacy Shield to survive the consequences of the last act of President Obama (modifying Executive Order 12333 so that the NSA now can legally share with all agencies and whoever friends the government on Facebook) and the actions that the Trump administration will pile on top of it - that would make the use of Google even more questionable for a non-US government entity than it already is (presently hushed for political reasons).
I have this sneaking suspicion that some citizens (aka voters), upset that a record 1.8M signatures for not inviting Trump is ignored, may decide to use that vector to light a new bonfire under Theresa May's attempts to treat 1984 as a manual.
And they don't need to wait either - the above is factual data, drawn about a minute ago. Not that I'm suggesting anything, of course, but if you want to annoy her further it may be worth knowing that you'll get the same result if you look at cabinetoffice.gov.uk. Tsk tsk tsk..
and for security reasons, please do not log in via OAuth, just provide username and password (aka we couldn't integrate that in our application, so user/pass are manually verified by our friends overseas). Thank you for your cooperation.
So about 1/2 to 1/3 what Bernie Eccleston allegedly avoided in tax.
Or about what the NHS pays in PFI interest charges per year.*
*Leading to the PFI companies "earning" roughly a 600% profit over the term of the contract IE 35 years. BTW there is a thing called the "Unfair Contract Clauses Act." It might have been an idea if NHS negotiators reviewed what it meant. .
What an absolute farce. There are so many different logins related to this that it's no wonder users are re-using passwords.
I tried to register to get a rebate this SA period: Having got to the final stages of that process, it asked me to log in again for security purposes. The system would not accept the details that I used to log into SA in the first place, so I have no idea what credentials they were expecting me to use. The only way I could get past this was to register with Verify. After another session of hoop-jumping, I finally got to a message saying that they were too busy to handle my rebate request.
I imagine that the large majority of people only have to use government services very infrequently. The more different login systems we have to maintain for that the more password resets are going to be required and the more likely it is that users will try to use soft, memorable passwords that they are probably using elsewhere.
I signed up for an account and used the .gov portal five years ago to renew my driving licence, for the past three years I've used the HMRC site for tax returns. I have the login details for HMRC stored in an offline usb drive, no idea what the login for the main .gov site is or what variant of my email address I used, it is possible I'll find something if I look for it otherwise it will be-
Forgotten Password - click
Forgotten Username - click
Forgotten email address - click
'What is your favourite colour?' - No idea what I said as I don't have one
'What is your memorable word?' - I have a reasonable vocabulary so this could take a while
'Who is your favourite author?' - What's with this favourite crap, what's next name your favourite finger?
Right forget it, I'll just create a new account, what do you mean I seem to already have an account and should log in using that AARRGHHH!
I've been registered with the Gov Gateway for some time (indeed, I have the unfortunate problem of having multiple GG credentials for various reasons).
Somewhere in the run-up to this year's self-assessment deadline, HMRC/Gov.uk decided to add an SMS "2FA" element to the mix, and made it mandatory, with automatic enrolment upon login. So when I came to do my return, I couldn't even start the process until I'd faffed about with this useless extra step.
Next time, I'm going back to a paper return - it's easier!
Just as bad here on the other side of the pond. Filling out endless online forms fails miserably while physical presence with paper forms works every time no matter which agency at whatever level of government. Part of that is probably due to it being harder to say no face to face but not all of it.
Except it isn't an HMRC SNAFU. Not even a little bit.
It's a very sensible step by HMRC to sidestep a huge pile of insecure and barely functional crap that was developed by the whizz kids at GDS ("redefining the relationship between citizen and state" (c) 2013) that being dumped on them by the Cabinet Office.
So now we know the joy of having multiple TV subscriptions and possible multiple boxes under our teles, we can have the same thing with government.
I imagine the rewarding conversations down the pub in years to come "I paid my tax today"..."oh yeah?, did you use verify"... "nah mate, i'm on the HMRC thing aint I, got it all sorted mate".
You need to think further outside the set top box, you subscibe to the state service provider of your choice, where you physically are is irrelevant as all governments now exist in the Cloud. Supply of waste collection, roads maintenance and policing etc. is unbundled from the actual provider so you can pick and choose what government you wish to live under.
In January I logged into HMRC for my self-assesment thingy. At the end I was told that I had £123.45 (not the real amount) outstanding, so I clicked the link and paid it with Worldpay. I got a confirmation email from Worldpay with a reference number. Last week I got a letter from HMRC demanding exactly the same amount so I rang up to query it. I was told that they could not use the Worldpay reference number to check it. D'uh!
I've been doing on line tax returns yea these many years and not had any major problems. This year they added 2FA so I get a code each time I log in via SMS.
No issues with this, it barely slows me down.
If I understand correctly the main issue with 2FA using SMS is where the application is also on the phone so you are effectively only using one factor (medium for transmission of security information). Think online banking app, online shopping etc.
You may be able to do your tax return on a phone or tablet (with SIM) but I shudder at the thought. Although if more and more people live their IT life solely through Android then this may change.
A tablet with mouse and keyboard can be quite useable (if you don't need to use any Wintel software).
By all accounts it is still far better than Verify.
Biting the hand that feeds IT © 1998–2019