Password Leaks

[MymsMan]

I filed my tax return a couple of days ago and on the log in page there was an option to be remembered for 7 days, I have not tested if it meant I would not need to get more sms codes or not need to enter my number and password again. I certainly did not need to enter anything again when changing pages, that only happens if you dawdle about without entering anything for too long and then it makes you log in again, the only time I had to log in again was to confirm it was me after submitting my return at the end of the process.

The HMRC 7 day sign in works for me,
I think 2FA is good for banking sites but is overkill for sites like this with no private information stored

Where HMRC does annoy me is when they send me an email saying I need to logon to read an important message.
Go through hassle of 2FA to read that my next tax statement will be available in the next 4 days

So now I have to set up a reminder to login again next week to read the statement.
Why not wait until the document is actually ready before sending out the notification? Ahead of time it just wastes my time and creates extra work (including submitting negative feedback -which is of course ignored)!

 

[Black Hole]

2FA should be reserved for situations where harm may be done if the activity is fraudulent – such as changing the password, changing the contact email, or spending money. However, codes sent to a registered mobile are themselves a risk, particularly if you have your phone set to display incoming messages on the lock screen. I have my phone set not to display them until it is unlocked.