Guidance

HMRC's online security information for agents

Find out how to protect your login details and reduce the risk of fraud when using HMRC online services.

Reduce the risk of fraud

To reduce the risk of fraud you should:

  • change your password regularly, at least once every 3 months
  • report any suspicious account activity to the online services team
  • not let people use your login details – if other people need access you can set up administrators and assistants
  • keep your list of administrators and assistants up to date
  • keep login details secure, do not share them with anyone - HMRC will never ask for your password
  • keep computers secure - personal computers used for work must have the same security controls as office computers
  • access your client details using your own registration - do not use your clients’ login details

Change your password when HMRC tells you to

HMRC may tell you to change your password at any time.

Your password will automatically be changed if:

  • HMRC has made 3 unsuccessful attempts to contact you to tell you to change it
  • you do not change it when HMRC tells you to
Published 28 November 2011