HMRC changes gateway password rules

computer lock out
istock_DragonImages
Share this content
Tags

HMRC quietly altered the number of characters required for accountants and taxpayers to access the government gateway, leaving some unable to log in.

When HMRC updated its login page in July, account users were asked to enter passwords between eight and 12 characters. However, this password change was brought in with little fanfare, which prevented those attempting to sign in with their longer 15 character password from accessing their account.

Since AccountingWEB raised this issue, HMRC has rectified the login page issue to "accommodate those users who have passwords greater than 12 characters".

The Revenue announced the changes in the VAT online guidance document (no longer available online), published on 29 July, advising those with long password to enter the first 12 characters, and this will be used as their new HMRC password.

“HMRC are aware that some customers on registering their account typed in a ‘long’ password but to meet our requirements the password was set at the first 12 characters typed in the box,” the Revenue said.

“These customers were able to access HMRC services by typing in the ‘long’ password because the first 12 characters matched the password that was set at registration and the additional characters were not required.”

HMRC explained that the new sign in page brings added security, so this mean “any extra characters typed in the password box will cause a login failure”.

AccountingWEB member Corinius raised awareness of the password change on Any Answers after their client was unable to file their June VAT return. Even resetting their password had no effect. It was then the AccountingWEB member realised the Gateway rejected passwords longer than 12 characters.

Login concern spread to AccountingWEB member AndyLim, who was unable to sign in to agent services a couple of days after the gateway updated on 18 July. After contacting the online services helpdesk, the member was told that their access had been “stopped or not recognised by the new system” and that he had to request a new code which would take two to 10 days.

Meanwhile, AccountingWEB member Mbee1 has suffered other irritations when grappling with the new login procedure. “What is also annoying is that the new login page whilst it remembers your user id it you cannot ask it to remember your password,” they said. “Mistype it more than three times and you're locked out for 2 hours.”

Writing as they wait out their lock-out, the member warned others how multiple staff using the same passwords can cause an unexpected delay if anyone mistypes.

Explaining the change, an HMRC spokesman said: “In July, HMRC introduced a new login page to improve the customer experience, strengthen security and enhance performance and resilience. The new login page is based on core Government Gateway design and only supported passwords of 12 characters or less. The login page has now been changed to accommodate those users who have passwords greater than 12 characters.”

Did you suffer a similar experience? Were you locked out without warning by the new gateway update?

About Richard Hattersley

Richard Hattersley

Richard is AccountingWEB's practice correspondent. If you have any comments or suggestions for us get in touch.

Replies

Please login or register to join the discussion.

avatar
By abaco
11th Aug 2016 07:37

No doubt the chief executive can expect to recieve an honour for this.

Thanks (5)
11th Aug 2016 10:49

I'm getting fed up with these 'improving customer experience' and 'enhancing performance' comments.... how is it 'improving' and 'enhancing performance' by logging 'customers' out for hours?

Thanks (7)
avatar
to Jennifer Adams
11th Aug 2016 10:55

JAADAMS wrote:

I'm getting fed up with these 'improving customer experience' and 'enhancing performance' comments.... how is it 'improving' and 'enhancing performance' by logging 'customers' out for hours?

Thanks (0)
avatar
to Jennifer Adams
11th Aug 2016 12:35

This is an example of Hutber's Law.

Hutber's law states that "improvement means deterioration". It is founded on the cynical observation that a stated improvement actually hides a deterioration.

The term has seen wide application in business, engineering, and risk analysis. It was first articulated in the 1970s by Patrick Hutber, an economist and journalist who was the City Editor for The Sunday Telegraph in London from 1966 to 1979

Thanks (4)
avatar
11th Aug 2016 10:58

Not the first, nor the last. HMRC don't ask customers- they don't answer the phones quickly enough and ignore most correspondence. It's an assumption of "improvement", and assumption starts with a 50:50 chance of getting it wrong.....

Thanks (1)
avatar
11th Aug 2016 11:02

Also receive platinum handshake when they leave post.
The trouble with those in public service they actually believe all the garbage they spout .

Thanks (4)
avatar
By Gav2013
11th Aug 2016 11:02

I feel it's beyond time for HMRC to compensate Agents for their time when they are at negligence, similarly to late trains or delayed flights. Let's put a cost to inconvenience when it's due.

Thanks (4)
avatar
By JBKMP
11th Aug 2016 11:22

When I discovered Google Chrome stopped remembering my login password I reverted to Windows explorer, just for HMRC, and it does remember my password, albeit after I type the first digit of my user name.

Thanks (0)
avatar
11th Aug 2016 11:32
Thanks (2)
avatar
By Ammie
11th Aug 2016 11:55

Quote:
HMRC explained that the new sign in page brings added security, so this mean “any extra characters typed in the password box will cause a login failure”

Am I missing a trick here? How is a shorter password more secure than a longer one ?

When funded by a bottomless pit of public funds civil servants can keep busy doing not a lot, particulalry in view of the thousands of unpaid civil servants, us, being obliged to take on an ever increasing burden of their work.

I am also straining to understand why an obscene level of security is necessary, what is there to be gained that cannot already be exploited by those inclined to do so?

HMRC continue to target ultimate control but accept no responsibilty. That's our job!!

Thanks (4)
avatar
to Ammie
11th Aug 2016 14:35

Ammie wrote:

Quote:
HMRC explained that the new sign in page brings added security, so this mean “any extra characters typed in the password box will cause a login failure”

Am I missing a trick here? How is a shorter password more secure than a longer one ?

When funded by a bottomless pit of public funds civil servants can keep busy doing not a lot, particulalry in view of the thousands of unpaid civil servants, us, being obliged to take on an ever increasing burden of their work.

I am also straining to understand why an obscene level of security is necessary, what is there to be gained that cannot already be exploited by those inclined to do so?

HMRC continue to target ultimate control but accept no responsibilty. That's our job!!

Wish I could click 'thanks' twice!!
You summed up exactly how I feel!

Thanks (0)
avatar
11th Aug 2016 17:11

A few weeks ago I found that the Autofill function, which inserted my access code and password, stopped working. I contacted HMRC who said that it was nowt to do with them and that I should check my settings. As part of an upgrade I got the computer man to check my autofill and he found nothing wrong with it, and suggested that HMRC may have blocked it from their end. Who is right? It is a ruddy nuisance to have to put this data in 5-10 times a day.

David Rangeley

Thanks (2)
avatar
to rdrtaxwizard
12th Aug 2016 13:54

If browser autofill isn't working (and probably in any case) I heartily recommend KeePass which is a password vault that sits on your PC and completes passwords & userids when you hit a key combination. It can also generate complex passwords for you. That way all you have to remember is the master password or phrase for KeePass itself.

Thanks (1)
avatar
to rdrtaxwizard
12th Aug 2016 18:10

rdrtaxwizard wrote:

A few weeks ago I found that the Autofill function, which inserted my access code and password, stopped working. I contacted HMRC who said that it was nowt to do with them and that I should check my settings. As part of an upgrade I got the computer man to check my autofill and he found nothing wrong with it, and suggested that HMRC may have blocked it from their end. Who is right? It is a ruddy nuisance to have to put this data in 5-10 times a day.

David Rangeley

That's happened with all our machines since the last week of July when we upgraded to Windows 10 - I blamed it on that but maybe it wasn't Microsoft's fault after all?!! As you say a ruddy nuisance to have to keep keying it in.

Thanks (1)
avatar
19th Nov 2016 15:08

A good article HMRC are making Accountants tasks just that little bit more and more difficult, especially for smaller Accountants.

The entrance to the government gateway is getting smaller and smaller and more tricky to get through (soon it will seem as dangerous as entering an old bordered up mine, (especially now HMRC have advised going forward we cannot enter clients tax accounts), does HMRC think we are going to give up and go away, no way, generally we do more good than harm.

Thanks (0)