Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Revenue Site Security?

  • 15-06-2017 11:05am
    #1
    cormie
    Registered Users, Registered Users 2 Posts: 20,841 ✭✭✭✭


    Does anyone know why Revenue have their site so complicated with security? They are the only site I use that requires you to download a certificate. It seems completely unnecessary given that even online banking accounts, paypal etc require much simpler solutions?

    Just always been curious :)

    ROS Registration Changes (including security questions)


    Dear ROS Administrator

    Revenue is updating and simplifying the ROS registration process in mid-June. The changes are:

    streamlined screens to make it easier to follow the steps in the registration process,
    a quicker process as your ROS system password is sent by email or text instead of post,
    the addition of security questions in your ROS Profile*, and
    a new Reset ROS Login option to speed up password and/or certificate retrieval.


    ROS registration is still a 3-step process but Step 3 'Apply for a ROS digital certificate' is quicker because the ROS system password will be sent by email or text. Customers will be advised that the system password will be valid for 1 hour, and if they cannot complete the process within the hour they can simply re-apply for a system password.

    Customers will be asked to update their Profile to include security questions; selecting five security questions from a list of ten. It is very important to remember the answers you select.

    For new ROS registrations the update will be requested when they download and save their certificate.
    For existing ROS registrations, you will be asked to update your profile to include five security questions when you next log in to ROS after the changes are in place in mid-June.



    We are introducing a new Reset ROS Login option which will allow ROS Administrators to download a new ROS certificate where a ROS certificate is lost or expired, or the password is forgotten. The security questions in your ROS Profile are part of the means of authenticating your ROS identity, and allow you to use the Reset ROS Login option.

    To use the Reset ROS Login option, you must have security questions set up and your contact details must be up to date, including an active email address and mobile phone number. When you use the Reset ROS Login option, you will be asked to answer two security questions from the five security questions you have selected. If ROS customers provide incorrect answers to the security questions they will have to contact the ROS Technical Helpdesk to re-register for ROS.

    ROS sub-certificate users will not be asked to set up security questions as sub-certificate users' passwords are available to their ROS Administrator in the Admin Services tab on ROS.

    Further information
    Additional information, including videos on the ROS registration process, the Reset ROS Login option and downloading/saving your digital certificate, will be available from mid June on the ROS Help Centre.

    Certificate renewals in 2017
    You will receive further emails from September onwards regarding ROS registration and ROS Certificate renewals.

    *The Security Questions change does not currently apply to ROS Receiver registrations.


    Revenue Commissioners


Comments

  • #2
    ED E
    Registered Users, Registered Users 2 Posts: 36,169 ✭✭✭✭ED E


    The other sites you're using are consumer centric, ROS is enterprise focused. The vast majority of citizens will only ever require PAYE anytime which uses traditional chain of trust certs.


    The ROS cert is reverse authentication, normally you verify google.ie's cert is correct to ensure you're connecting to the real google, in this case ROS is checking your cert to ensure you're the real you (your client checks them too). Think of it like fancy two factor.


  • #3
    cormie
    Registered Users, Registered Users 2 Posts: 20,841 ✭✭✭✭cormie


    Thanks for the explanation. Is it not a little bit overkill though? I mean would online banking methods to sign in not be sufficient without the need for a certificate etc?


  • #4
    limnam
    Registered Users, Registered Users 2 Posts: 9,281 ✭✭✭limnam


    cormie wrote: »
    Thanks for the explanation. Is it not a little bit overkill though? I mean would online banking methods to sign in not be sufficient without the need for a certificate etc?

    Complaining about being overly secure.

    You're on the wrong fora :pac:


  • #5
    testicles
    Closed Accounts Posts: 1,198 ✭✭✭testicles


    This post has been deleted.


  • #6
    ED E
    Registered Users, Registered Users 2 Posts: 36,169 ✭✭✭✭ED E


    cormie wrote: »
    Thanks for the explanation. Is it not a little bit overkill though? I mean would online banking methods to sign in not be sufficient without the need for a certificate etc?

    The online banking you use isn't the same as the online banking Apple Inc use.


  • Advertisement
  • #7
    cormie
    Registered Users, Registered Users 2 Posts: 20,841 ✭✭✭✭cormie


    Ok ok fine, I'll just put up with it so if it's in my best interest :pac:


Advertisement