HM Revenue & Customs (HMRC) in the UK has outlined plans to introduce multi-factor authentication (MFA) on agent accounts to tighten access controls for tax intermediaries.
According to the Chartered Institute of Taxation (CIOT), agents who currently sign in using only a username and password will be required to enter a one-time security code as a second step.
Access deeper industry intelligence
Experience unmatched clarity with a single platform that combines unique data, AI, and human expertise.
That code may be delivered via text or voice call to a mobile or landline, or created using a linked authenticator application.
The move will bring the process in line with the existing log-in journey used for personal and business tax accounts.
The change will apply to both the Agent Services Account and legacy online accounts used for services such as self-assessment and corporation tax.
HMRC has indicated an initial target of introducing MFA by the end of June, although the precise timetable has yet to be confirmed.
In a message shared with the Institute of Chartered Accountants of Scotland, HMRC said: “MFA will provide greater protection as agents sign in to HMRC’s services, helping to keep accounts and client data secure.
“From Tuesday 7 April, to raise awareness of the upcoming introduction of MFA, agents will see a new page when signing in to their HMRC account on GOV.UK, linking to further guidance in the Tax Agent’s Handbook.
“A small group of agent volunteers are currently participating in a period of MFA test and learn, with testing then due to expand in April. HMRC will be contacting agents who they recognise would benefit from early adoption of the additional security MFA offers. This may be agents who have previously contacted HMRC due to account suspension or to raise security concerns.
“Members using automated processes or third-party software for their sign-in journey should check whether any software updates are needed and allow time for those adjustments.”
