[Linux-aus] Proprietary MyGovID app to be the only way to login to ATO Business Portal
Ben Sturmfels
ben at stumbles.id.au
Tue Mar 24 22:55:39 AEDT 2020
On Tue, Mar 24, 2020 at 18:24, Jack Burton <jack at saosce.com.au> wrote:
> This move then is one which attempts to force Australian tax-paying
> companies to do business with either Apple or Google...
>
> ...ironically, two companies which are famous for *not* paying their
> fair share of taxes.
>
>
> Take a moment for that to sink in -- in order to pay our taxes, the
> government now wants us to do business with serial tax-evaders!
>
Aw, I wish I'd thought of that line! Thanks Jack!
In other news, Matt Ceniga pointed me towards mygov-totp-enroll. He
wrote:
> MyGovID may be the only "official" way to sign in, but it's not the
> only option. MyGovID just does TOTP with SHA512, so assuming you have
> a TOTP app that doesn't just do SHA1 (I use FreeOTP+, but there are
> plenty of other options), you can use the tool that this clever human
> wrote, that basically pretends to be the MyGovID app for the purposes
> of set-up, and gives you a regular QR-code to feed to your TOTP app:
> https://github.com/abrasive/mygov-totp-enroll
>
> We shouldn't need a third-party tool to do something that should
> already be offered by the MyGov website. I understand that maybe they
> didn't trust TOTP apps to support SHA512 hashes (I know that when I
> tried with LastPass Authenticator, it just *ignored* the SHA512 bit
> and tried to use the key with a SHA1 hash, resulting in the wrong
> code with no explanation or error), but there are better options than
> *forcing* people to use an app like this.
As Matt suggests, I still think that it's worth some activism here
regardless - non-technologists shouldn't be second class citizens and
we shouldn't have to work around the systems that we collectively pay
for.
Regards,
Ben
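
The failure Matt describes, where an authenticator ignores the SHA512 setting and computes the code with SHA1, can be reproduced with the RFC 6238 algorithm directly. This is an added example, not part of the original message and not code from mygov-totp-enroll; the key is the RFC 6238 Appendix B SHA-512 test seed, and the URI label, the 8-digit length and the function names are assumptions for illustration.

```python
import base64
import hmac
import struct
from urllib.parse import parse_qs, urlparse

# Constructed sample: the RFC 6238 Appendix B SHA-512 test seed (64 bytes),
# not a real credential. Label, digits and period are assumptions.
SAMPLE_KEY = b"1234567890" * 6 + b"1234"
SAMPLE_URI = (
    "otpauth://totp/Example:user?secret="
    + base64.b32encode(SAMPLE_KEY).decode().rstrip("=")
    + "&algorithm=SHA512&digits=8&period=30"
)

def hotp(key, counter, digest="sha1", digits=6):
    """RFC 4226 dynamic truncation over HMAC with the chosen hash."""
    mac = hmac.new(key, struct.pack(">Q", counter), digest).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(key, unix_time, digest="sha1", digits=6, period=30):
    """RFC 6238: HOTP with the counter derived from the clock."""
    return hotp(key, unix_time // period, digest, digits)

def totp_from_uri(uri, unix_time, honour_algorithm=True):
    """Compute a code from an otpauth:// URI.

    honour_algorithm=False models an authenticator that silently falls
    back to SHA1, the behaviour described in the message above.
    """
    params = {k: v[0] for k, v in parse_qs(urlparse(uri).query).items()}
    secret = params["secret"].upper()
    key = base64.b32decode(secret + "=" * (-len(secret) % 8))
    algorithm = params.get("algorithm", "SHA1").lower()
    if algorithm not in ("sha1", "sha256", "sha512"):
        # Fail loudly instead of guessing: a wrong hash yields a wrong code.
        raise ValueError(f"unsupported TOTP algorithm: {algorithm}")
    if not honour_algorithm:
        algorithm = "sha1"
    return totp(key, unix_time, algorithm,
                int(params.get("digits", 6)), int(params.get("period", 30)))

if __name__ == "__main__":
    t = 59  # RFC 6238 test time
    print("SHA512 honoured:", totp_from_uri(SAMPLE_URI, t))
    print("SHA1 fallback:  ", totp_from_uri(SAMPLE_URI, t, honour_algorithm=False))
```

Both codes are well-formed 8-digit values, so a server expecting SHA512 simply rejects the SHA1 one, which is why the mismatch shows up with no explanation or error on the client.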