So, I've just processed payroll and received an email that we have a P9 tax notice. So I go to log in to retrieve it and the system won't let me unless I input a mobile phone number to get a security code. Now I do have a personal mobile phone, not a work one (its currently out of charge as the charger here in the office isn't working). My colleague/boss does not have a mobile. (she's a bit of a techie dinosaur). The alternative is to receive a voice message on the landline, but we are on a switchboard so anyone could answer the call.
I put in a complaint whilst on the phone about some other HMRC nonesense (oh yes the major unexplained downtime of VAT at the back end of the year!), and they told me you can include a back up so that if you put your mobile phone in and they cannot reach you they will go to back up mode.
Well, that aint gonna work is it - most mobile phone info gets through, but they dont get the point that the staff member might be sitting on a beach somewhere with cocktail in hand whilst their colleagues are smacking their heads on a wall trying to submit something. Oh and then - go and have a look at the other backups - there are three options - a voice message to the mobile (yep the same mobile), the land line as you say plus I seem to recall the third option was the text to the mobile - so where is the back up in that!!!
Plus can anyone tell me how in hell that makes anything more secure!
HMRCs response to not having a work mobile is - get one! One that doesnt allow outgoing calls. What morons dreamed up that system.
Plus is that not now the ONLY reason you cannot send VAT returns from your software from tomorrow? Wonder how that will work moving forward with payroll software.
__________________
Joanne
Winner of Bookkeeper of the Year 2015, 2016 & 2017
Thoughts are my own/not to be regarded as official advice,which should be sought from a suitably qualified Accountant.
You should check out answers with reference to the legal position
Following a very heated discussion where the MD can't see the problem as surely what I'm saying can't be right and can't we just change the mobile number every time we log in and my immediate boss has pointed out that one or other of us logs onto the system most days and we can't just rely on me being available to phone the code through we are trying to persuade the MD that we have to buy a £10 PAYG phone.
You are talking about 2FA (two factor authorisation). 2FA is more secure because it doesn't just rely on something you know (your log-in details), but also on something you have (in this case, your mobile phone). A dodgy geezer might have been able to find out your log-in details, but he'd also have to steal your phone to be able to gain access.
You're probably already used to it in other contexts, such as online banking.
But, as you've both identified, there are flaws - it chiefly boils down to the balancing act between security and convenience: The more secure something is, the less convenient, and conversely the more convenient something is, the less secure.
The problems aren't insurmountable, though.
Firstly, the flat battery/broken charger problem: If your phone is reasonably modern, it'll have a standard charging socket on it, and that socket will probably be USB Micro B. There's a good chance the lead to the charger can be unplugged from the charger end to reveal standard USB A. If so, you can plug that end into your computer or possibly a monitor and use that to charge the phone. (Though you might find you have to pick and choose which USB socket to use - not all will be ideal.) I keep a suitable lead in my laptop bag in case I need to charge my phone, which is particularly necessary with the crap battery life of a modern phone; mine will last all day, unless I use it to, you know, make phone calls.
As to the log-in, IIRC you can create multiple log-ins onto the same account with HMRC. If so, you have multiple people at the office, each with their own log-in - and therefore using their own phone for the 2FA. When the person who normally handles HMRC online stuff is away, it falls to the second person - but instead of using the same log-in, and the same phone for 2FA (which might be away with the first person), they're using their own log-in and their own phone.
There are flaws with this, of course - first and foremost, while I believe you can do this, I don't know what the approach is for cancelling such a log-in; I've never seen any reference to doing such (though to be fair I've never looked). On the other hand, there are flaws with using the same log-in - if both Bartholomew and Regina use the same log-in, and one of them cocks something up, how do you know which one did it? With the same log-in there is no audit trail - with different log-ins, HMRC will know who did what.
The ideal solution (hello HMRC, are you listening?) would be to have a central account, with an administrator who can add and remove log-ins for employees as necessary.
Julie: Point out to your boss that to change the number each time you log-in, you first need to log-in - which is where the number comes in! You need to know in advance who is going to be logging in the next time, and while you can predict holidays and such, you can't predict someone accidentally falling under a bus. (Make the last bit sound as threatening as necessary, and remind him that a cheap PAYG is an efficient solution!)
__________________
Vince M Hudd - Soft Rock Software
(I only came here looking for fellow apiarists...)
I tried to find out the process for multiple logins and cancelling whilst I was on online chat a few weeks back - got nowhere. Must admit Ive not looked up the 'how to do' instructions because I was at a clients and then forgot/dont have time/fed up of HMRCs stupid games and a million other excuses.
If anyone knows how to do the former, please shout out (saves us all wasting more time!)
I dont see why businesses should go to even more expense - even just a tenner - for the ridiculousness of HMRC!!!! If a dodgy geezer wants to go online and do my VAT returns - feel free, but I wouldnt trust that Regina as ar as I could throw her
__________________
Joanne
Winner of Bookkeeper of the Year 2015, 2016 & 2017
Thoughts are my own/not to be regarded as official advice,which should be sought from a suitably qualified Accountant.
You should check out answers with reference to the legal position
Very quick as I'm fairly busy this afternoon but have now set up a 2nd log in. You have to click through after setting up the mobile number and it asks the question are you the only user. You click no and it gives the option of setting up a 2nd user. This will generate a brand new gateway log in. They can be set up as admin in which case they can add and delete users or standard in which case they log in only. Colleague is now a "proud" member of the mobile phone using community!
What I can't find is a way of changing the mobile number if a phone is stolen or something similar.
Now I have to get on with the cis verifications and changing of tax codes I should have done yesterday!!!
Daft thing is - surely the first user should have been set up as admin as that was the original HMRC login! Presumably what they havent thought about is that anyone with a login is not restricted as to what data they can see - which could be interesting!! Might give this a gander at a client Im visiting tomorrow and see what the newbie user can see idc.
Dont drop your phone in your coffee (as my son did) nor down the toilet (as his g/f did)!!!!!!!!
__________________
Joanne
Winner of Bookkeeper of the Year 2015, 2016 & 2017
Thoughts are my own/not to be regarded as official advice,which should be sought from a suitably qualified Accountant.
You should check out answers with reference to the legal position
