back to article Roses are red, violets are blue, HMRC confirms Verify can STFU

Her Majesty's Revenue and Customs (HMRC) has confirmed that it's ditching the Cabinet Office's new online ID system, and will be pushing forwards with its own replacement for Government Gateway. Sources previously informed The Register that HMRC was been building its own online authentication portal following the planned …

  1. Anonymous Coward
    Anonymous Coward

    HMRC

    Will we be able to log in with our Facebook accounts?

    1. 2460 Something

      Re: HMRC

      Facebook? Pah, you won't even have to log in. With the amount data they are slurping through our isp's into their new searchable national database you can just be auto-identified ...

      1. wolfetone Silver badge

        Re: HMRC

        "Ah, Mr.Jones. How good of you to file your tax returns. Just so you know, the viagra and leather bondage equipment you purchased on the 13th February 2017 will not be classable as a work related expense."

        "No, Mr.Jones. International studmuffin is not a recognised profession."

        1. Your alien overlord - fear me

          Re: HMRC

          That's your problem right there - the job title is "international stud muffin" - note the extra sapce.

          1. wolfetone Silver badge

            Re: HMRC

            "That's your problem right there - the job title is "international stud muffin" - note the extra sapce."

            "Mr.Jones, there is no point arguing the semantics of the position. It's quite clearly labelled as such on your Facebook and LinkedIn profiles."

          2. Anonymous Coward
            Anonymous Coward

            Re: HMRC

            i thought it was "international stud muffin MP" .... no, their expenses are paid by others, silly of me.

        2. katrinab Silver badge

          Re: HMRC

          Viagra is allowable, but it goes on the P11d as a healthcare benefit and is taxable on the individual. Depends on the line of business whether bondage equipment is allowed. If you are producing porn videos, it is absolutely OK.

    2. TitterYeNot
      Coat

      Re: HMRC

      "Will we be able to log in with our Facebook accounts?"

      No, there's an unfixed bug in the HMRC portal - if you log in with a 'social media' account such as Google or Facebook, it automatically sets all tax owed to zero and generates a 10 million quid tax credit...

    3. Anonymous Coward
      Anonymous Coward

      Re: HMRC

      Will we be able to log in with our Facebook accounts?

      No, publicly advertised data suggests that you are to use Google:

      basilic5:~ $ dig +short mx digital.hmrc.gov.uk

      20 ALT1.ASPMX.L.GOOGLE.COM.

      30 ALT4.ASPMX.L.GOOGLE.COM.

      10 ASPMX.L.GOOGLE.COM.

      20 ALT2.ASPMX.L.GOOGLE.COM.

      30 ALT3.ASPMX.L.GOOGLE.COM.

      There is, however, a niggling question hovering in the back of that idea. I don't expect Privacy Shield to survive the consequences of the last act of President Obama (modifying Executive Order 12333 so that the NSA now can legally share with all agencies and whoever friends the government on Facebook) and the actions that the Trump administration will pile on top of it - that would make the use of Google even more questionable for a non-US government entity than it already is (presently hushed for political reasons).

      I have this sneaking suspicion that some citizens (aka voters), upset that a record 1.8M signatures for not inviting Trump is ignored, may decide to use that vector to light a new bonfire under Theresa May's attempts to treat 1984 as a manual.

      And they don't need to wait either - the above is factual data, drawn about a minute ago. Not that I'm suggesting anything, of course, but if you want to annoy her further it may be worth knowing that you'll get the same result if you look at cabinetoffice.gov.uk. Tsk tsk tsk..

      :)

    4. John Smith 19 Gold badge
      Unhappy

      "Will we be able to log in with our Facebook accounts?"

      What makes you think you'll be allowed to log in any other way?

      1. styx-tdo

        Re: "Will we be able to log in with our Facebook accounts?"

        and for security reasons, please do not log in via OAuth, just provide username and password (aka we couldn't integrate that in our application, so user/pass are manually verified by our friends overseas). Thank you for your cooperation.

  2. Anonymous Coward
    Anonymous Coward

    "which the department reckons will yield £1bn in extra tax revenue after 2020."

    Lol. Course it will. And a free unicorn for every tax payer.

    1. John Smith 19 Gold badge

      ""which the department reckons will yield £1bn in extra tax revenue after 2020.""

      So about 1/2 to 1/3 what Bernie Eccleston allegedly avoided in tax.

      Or about what the NHS pays in PFI interest charges per year.*

      *Leading to the PFI companies "earning" roughly a 600% profit over the term of the contract IE 35 years. BTW there is a thing called the "Unfair Contract Clauses Act." It might have been an idea if NHS negotiators reviewed what it meant. .

  3. Natalie Gritpants

    That last paragraph looks like the best they can do is lose 300M in 5 years. Keep up the good work guys, obviously going in the right direction.

    1. Kevin Johnston

      Ah, but with the normal cost multipliers depending on phases of the moon etc, that changes to spending £2billion a year for 5 years to save £1billion

  4. AidanH

    Not more confusion!

    What an absolute farce. There are so many different logins related to this that it's no wonder users are re-using passwords.

    I tried to register to get a rebate this SA period: Having got to the final stages of that process, it asked me to log in again for security purposes. The system would not accept the details that I used to log into SA in the first place, so I have no idea what credentials they were expecting me to use. The only way I could get past this was to register with Verify. After another session of hoop-jumping, I finally got to a message saying that they were too busy to handle my rebate request.

    I imagine that the large majority of people only have to use government services very infrequently. The more different login systems we have to maintain for that the more password resets are going to be required and the more likely it is that users will try to use soft, memorable passwords that they are probably using elsewhere.

    1. Toltec

      Re: Not more confusion!

      I signed up for an account and used the .gov portal five years ago to renew my driving licence, for the past three years I've used the HMRC site for tax returns. I have the login details for HMRC stored in an offline usb drive, no idea what the login for the main .gov site is or what variant of my email address I used, it is possible I'll find something if I look for it otherwise it will be-

      Forgotten Password - click

      Forgotten Username - click

      Forgotten email address - click

      'What is your favourite colour?' - No idea what I said as I don't have one

      'What is your memorable word?' - I have a reasonable vocabulary so this could take a while

      'Who is your favourite author?' - What's with this favourite crap, what's next name your favourite finger?

      Right forget it, I'll just create a new account, what do you mean I seem to already have an account and should log in using that AARRGHHH!

    2. Steve Foster
      Facepalm

      Re: Not more confusion!

      I've been registered with the Gov Gateway for some time (indeed, I have the unfortunate problem of having multiple GG credentials for various reasons).

      Somewhere in the run-up to this year's self-assessment deadline, HMRC/Gov.uk decided to add an SMS "2FA" element to the mix, and made it mandatory, with automatic enrolment upon login. So when I came to do my return, I couldn't even start the process until I'd faffed about with this useless extra step.

      Next time, I'm going back to a paper return - it's easier!

      1. John Styles

        Re: Not more confusion!

        I did think it amusing that they added SMS 2FA AFTER (or about the same time as, I guess) NIST recommended SMS 2FA be dropped because of insecurities.

        1. Steve Foster
          Facepalm

          Re: Not more confusion!

          I had reason to use one of my other Gateway accounts today, and, now that the SA deadline has passed, the SMS 2FA configuration has been made optional!

      2. Anonymous Coward
        Anonymous Coward

        Re: Not more confusion!

        Just as bad here on the other side of the pond. Filling out endless online forms fails miserably while physical presence with paper forms works every time no matter which agency at whatever level of government. Part of that is probably due to it being harder to say no face to face but not all of it.

  5. WibbleMe

    HMRC can I not just sing in with Facebook or Google?

    1. Alister

      can I not just sing in

      Two verses of "T'was on the good ship Venus"?

  6. Anonymous Coward
    Anonymous Coward

    Fixed headline

    Roses are red, violets are blue, HMRC confirms its latest SNAFU

    1. Andrew Orlowski (Written by Reg staff)

      Re: Fixed headline

      Except it isn't an HMRC SNAFU. Not even a little bit.

      It's a very sensible step by HMRC to sidestep a huge pile of insecure and barely functional crap that was developed by the whizz kids at GDS ("redefining the relationship between citizen and state" (c) 2013) that being dumped on them by the Cabinet Office.

      1. John Styles

        Re: Fixed headline

        Roses are wonderful

        Violets are great

        We're "redefining the relationship

        between citizen and state"

  7. Steve the Cynic

    Re: the headline

    Am I the only one who looked quickly at "HMRC confirms Verify can STFU" and wondered what El Reg's own Verity Stob had to do with anything? You know, confusing VeriFy and VeriTy?

    1. John Styles

      Re: the headline

      Me too!

  8. Lars Silver badge
    WTF?

    What's up ElReg

    Roses are red, Roses are reddish, violets are blue, Oracle is red, you are feeling blue, you are over the moon. What happened at the venue, are you in need of mental help.

    1. quxinot

      Re: What's up ElReg

      Roses are red

      Violets are blue

      The Reg celebrates Valentines day

      And so should you!

      1. Steve the Cynic

        Re: What's up ElReg

        Why? It's just a reminder that I've been a widower for the last 18 months...

      2. Lars Silver badge
        Coat

        Re: What's up ElReg

        @ quxinot

        So sorry, as there was no white I assumed the Scots have decided to leave the United. Too bad, should have remembered before my wife came home.

  9. Anonymous Coward
    Anonymous Coward

    satanta

    So now we know the joy of having multiple TV subscriptions and possible multiple boxes under our teles, we can have the same thing with government.

    I imagine the rewarding conversations down the pub in years to come "I paid my tax today"..."oh yeah?, did you use verify"... "nah mate, i'm on the HMRC thing aint I, got it all sorted mate".

    1. Toltec

      Re: satanta

      You need to think further outside the set top box, you subscibe to the state service provider of your choice, where you physically are is irrelevant as all governments now exist in the Cloud. Supply of waste collection, roads maintenance and policing etc. is unbundled from the actual provider so you can pick and choose what government you wish to live under.

      1. billse10

        Re: satanta

        "you can pick and choose what government you wish to live under."

        I'll choose the one that does not think the Snoopers' Charter is a good idea. Bet that's not one of the choices though

  10. Mr Dogshit

    Surely violets are violet?

    1. Toltec

      @ Mr Dogshit

      That is a florist remark and I take offence (on behalf of all Violets, not that I am one you understand), it doesn't matter how little proportion of blue is in a violet it is always blue.

      1. This post has been deleted by its author

  11. Mystic Megabyte
    FAIL

    worldpay

    In January I logged into HMRC for my self-assesment thingy. At the end I was told that I had £123.45 (not the real amount) outstanding, so I clicked the link and paid it with Worldpay. I got a confirmation email from Worldpay with a reference number. Last week I got a letter from HMRC demanding exactly the same amount so I rang up to query it. I was told that they could not use the Worldpay reference number to check it. D'uh!

  12. David Roberts

    Two Factor

    I've been doing on line tax returns yea these many years and not had any major problems. This year they added 2FA so I get a code each time I log in via SMS.

    No issues with this, it barely slows me down.

    If I understand correctly the main issue with 2FA using SMS is where the application is also on the phone so you are effectively only using one factor (medium for transmission of security information). Think online banking app, online shopping etc.

    You may be able to do your tax return on a phone or tablet (with SIM) but I shudder at the thought. Although if more and more people live their IT life solely through Android then this may change.

    A tablet with mouse and keyboard can be quite useable (if you don't need to use any Wintel software).

    By all accounts it is still far better than Verify.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like