The Daily Swig Web security digest

HMRC rolls out compulsory 2FA

James Walker | 29 September 2017 at 12:00

UK tax department protects its customers with one, two steps.

From this week, HM Revenues and Customs (HMRC), the UK tax and customs authority, is making two-factor authentication (2FA) a requirement for all businesses accessing its online services.

HMRC began introducing 2FA in December 2015. During the soft launch, more than 11 million individuals and businesses successfully set up the two-step service to protect their online tax accounts.

Now widely used across a wide range of sectors, including banking, eCommerce and social media, 2FA provides an added level of account security by requiring users to enter a verification code sent to a trusted device.

“At HMRC, we take the protection of customer data extremely seriously,” said department spokesperson Alison Walsh. “Similar to other large financial organizations, we are an obvious target for fraudsters and cyber criminals, which is why we require 2FA.”

According to Walsh, this minor change for users will create a “much safer experience” for customers using HMRC’s online services. The use of 2FA is backed by the National Cyber Security Centre and promoted by Cyber Aware and Action Fraud.