[Linux-aus] Proprietary MyGovID app to be the only way to login to ATO Business Portal

Ben Sturmfels ben at stumbles.id.au
Tue Mar 24 22:55:39 AEDT 2020

On Tue, Mar 24, 2020 at 18:24, Jack Burton <jack at saosce.com.au> wrote:

> This move then is one which attempts to force Australian tax-paying
> companies to do business with either Apple or Google...
> ...ironically, two companies which are famous for *not* paying their
> fair share of taxes.
> Take a moment for that to sink in -- in order to pay our taxes, the
> government now wants us to do business with serial tax-evaders!

Aw, I wish I'd thought of that line! Thanks Jack!

In other news, Matt Ceniga pointed me towards mygov-totp-enroll. He 

> MyGovID may be the only "official" way to sign in, but it's not the 
> only option. MyGovID just does TOTP with SHA512, so assuming you have 
> a TOTP app that doesn't just do SHA1 (I use FreeOTP+, but there are 
> plenty of other options), you can use the tool that this clever human 
> wrote, that basically pretends to be the MyGovID app for the purposes 
> of set-up, and gives you a regular QR-code to feed to your TOTP app: 
> https://github.com/abrasive/mygov-totp-enroll
> We shouldn't need a third-party tool to do something that should 
> already be offered by the MyGov website. I understand that maybe they 
> didn't trust TOTP apps to support SHA512 hashes (I know that when I 
> tried with LastPass Authenticator, it just *ignored* the SHA512 bit 
> and tried to use the key with a SHA1 hash, resulting in the wrong 
> code with no explanation or error), but there are better options than 
> *forcing* people to use an app like this.

As Matt suggests, I still think that it's worth some activism here 
regardless - non-technologists shouldn't be second-class citizens and 
we shouldn't have to work around the systems that we collectively pay 
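
The algorithm mismatch Matt describes above, as an added example that is not part of the original message and not code from mygov-totp-enroll: an RFC 6238 TOTP implementation plus an otpauth URI parser, comparing the code produced when the URI's SHA512 parameter is honoured with the code an authenticator produces when it silently assumes SHA1. The key is the published RFC 6238 SHA512 test key, the URI (including digits=8, chosen to match the RFC test vectors) is constructed, and `parse_otpauth` and `codes_for` are hypothetical helper names.

```python
import base64, hashlib, hmac, struct
from urllib.parse import urlparse, parse_qs

ALGORITHMS = {"SHA1": hashlib.sha1, "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}

def totp(secret, unix_time, algorithm="SHA1", digits=6, period=30):
    """RFC 6238 TOTP: HOTP (RFC 4226) over the time-step counter."""
    counter = struct.pack(">Q", unix_time // period)
    mac = hmac.new(secret, counter, ALGORITHMS[algorithm]).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset from the last nibble
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def parse_otpauth(uri):
    """Parse an otpauth://totp/ key URI; reject unknown algorithms instead of guessing."""
    parts = urlparse(uri)
    if parts.scheme != "otpauth" or parts.netloc != "totp":
        raise ValueError("not an otpauth TOTP URI")
    query = {k: v[0] for k, v in parse_qs(parts.query).items()}
    algorithm = query.get("algorithm", "SHA1").upper()
    if algorithm not in ALGORITHMS:
        raise ValueError("unsupported algorithm: " + algorithm)
    b32 = query["secret"].upper()
    secret = base64.b32decode(b32 + "=" * (-len(b32) % 8))  # restore stripped padding
    return {"secret": secret, "algorithm": algorithm,
            "digits": int(query.get("digits", 6)), "period": int(query.get("period", 30))}

def codes_for(uri, unix_time):
    """Return (code honouring the URI's algorithm, code from an app that assumes SHA1)."""
    p = parse_otpauth(uri)
    correct = totp(p["secret"], unix_time, p["algorithm"], p["digits"], p["period"])
    sha1_only = totp(p["secret"], unix_time, "SHA1", p["digits"], p["period"])
    return correct, sha1_only

# Constructed sample: the published RFC 6238 SHA512 test key, not a real credential.
RFC_SHA512_KEY = (b"1234567890" * 7)[:64]
SAMPLE_URI = ("otpauth://totp/Example:user?algorithm=SHA512&digits=8&period=30&secret="
              + base64.b32encode(RFC_SHA512_KEY).decode().rstrip("="))

if __name__ == "__main__":
    correct, sha1_only = codes_for(SAMPLE_URI, 59)
    print("SHA512 (as the URI asks):", correct)
    print("SHA1 (algorithm ignored):", sha1_only)
    print("codes match:", hmac.compare_digest(correct, sha1_only))
```

Checking an authenticator against the RFC 6238 SHA512 test vectors this way shows up front whether it honours the algorithm parameter, rather than finding out from rejected codes at login.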


