[Linux-aus] Proprietary MyGovID app to be the only way to login to ATO Business Portal

Ben Sturmfels ben at stumbles.id.au
Thu Apr 16 16:55:40 AEST 2020 

Another update. A representative of ATO called to suggest that as a
sole-trader (not a company), I can manage activity statements and
superannuation through the ATO linked service on https://my.gov.au. I
tried this and after doing the necessary linking security questions, I
get essentially the exact same functionality I had via the ATO Business
Portal.

This isn't an option for companies though, who are forced to use MyGovID
so that multiple authorised people can access these features on the ATO
Business Portal.

The representative told me that there's no plans to move my.gov.au to
MyGovID login for the foreseeable future.

So that solves my issues for now, but I expect it's only a matter of
time before MyGovID gets more widely rolled out.

Regards,
Ben


On 31/3/20 11:39 am, Ben Sturmfels via linux-aus wrote:
> Just a quick update - I had a lovely call from a person at ATO
> responding to my complaint. A couple of things they mentioned:
> 
>  - ATO is the first agency to use MyGovID
> 
>  - they have a feedback form on https://www.mygovid.gov.au <- USE IT
> 
>  - they have received quite a bit of feedback similar to mine
> 
>  - there was some form of hard deadline in place around their previous
> authentication set up around 10 years ago - sounded like a contract
> expiry but I didn't get specifics - may have been just related to AusKey
> 
>  - they really didn't know how the transition was going to go - now they
> have learned, surprise surprise, for example a bunch of tax accountants
> who don't have smartphones - much respect to those accountants!
> 
>  - currently the Digital Identity team is only speaking with people who
> are having technical difficulties with the app, not people who want to
> participate in the upstream process
> 
> All in all, they were very empathetic about the ethical issues of
> requiring Apple or Google accounts and trust in proprietary tech. If you
> can spare a few minutes, this is an important time to be heard and they
> are certainly listening.
> 
> Regards,
> Ben
> 
> On 24/3/20 10:55 pm, Ben Sturmfels via linux-aus wrote:
>>
>>
>> On Tue, Mar 24, 2020 at 18:24, Jack Burton <jack at saosce.com.au> wrote:
>>
>>> This move then is one which attempts to force Australian tax-paying
>>> companies to do business with either Apple or Google...
>>>
>>> ...ironically, two companies which are famous for *not* paying their
>>> fair share of taxes.
>>>
>>>
>>> Take a moment for that to sink in -- in order to pay our taxes, the
>>> government now wants us to do business with serial tax-evaders!
>>>
>>
>> Aw, I wish I'd thought of that line! Thanks Jack!
>>
>>
>> In other news, Matt Ceniga pointed me towards mygov-totp-enrol. He wrote:
>>
>>> MyGovID may be the only "official" way to sign in, but it's not the
>>> only option. MyGovID just does TOTP with SHA512, so assuming you have
>>> a TOTP app that doesn't just do SHA1 (I use FreeOTP+, but there are
>>> plenty of other options), you can use the tool that this clever human
>>> wrote, that basically pretends to be the MyGovID app for the purposes
>>> of set-up, and gives you a regular QR-code to feed to your TOTP app:
>>> https://github.com/abrasive/mygov-totp-enroll
>>>
>>> We shouldn't need a third-party tool to do something that should
>>> already be offered by the MyGov website. I understand that maybe they
>>> didn't trust TOTP apps to support SHA512 hashes (I know that when I
>>> tried with LastPass Authenticator, it just *ignored* the SHA512 bit
>>> and tried to use the key with a SHA1 hash, resulting in the wrong code
>>> with no explanation or error), but there are better options than
>>> *forcing* people to use an app like this.
>>
>> As Matt suggests, I still think that it's worth some activism here
>> regardless - non-technologists shouldn't be second class citizens and we
>> shouldn't have to work around the systems that we collectively pay for.
>>
>> Regards,
>> Ben
>>
>>
>> _______________________________________________
>> linux-aus mailing list
>> linux-aus at lists.linux.org.au
>> http://lists.linux.org.au/mailman/listinfo/linux-aus
>>
>> To unsubscribe from this list, send a blank email to
>> linux-aus-unsubscribe at lists.linux.org.au
> 
> _______________________________________________
> linux-aus mailing list
> linux-aus at lists.linux.org.au
> http://lists.linux.org.au/mailman/listinfo/linux-aus
> 
> To unsubscribe from this list, send a blank email to
> linux-aus-unsubscribe at lists.linux.org.au
>

More information about the linux-aus mailing list