Timetable for agent multi-factor authentication rollout published

HMRC has published further details of its plans to introduce multi-factor authentication (MFA) for tax agents. The rollout is intended to strengthen security across HMRC’s online services and will be introduced in stages over the coming months. What do you need to know?

Accounting Services for all your Business Support.

HMRC has confirmed that MFA will be introduced in stages, beginning during summer 2026 and extending over the following months. Agents will be notified when their accounts are brought within the new regime, with the requirement eventually applying across HMRC’s online services.

Once enrolled, users will need to provide a second form of authentication in addition to their password. This is expected to involve a code generated by an authentication app or sent to a registered device. The requirement will apply each time a user signs in to affected services.

The phased rollout is intended to give firms time to adapt their processes and ensure staff have appropriate access to authentication devices. It may prove particularly challenging for practices that rely on shared credentials or centralised login arrangements. HMRC says MFA is being introduced to strengthen account security and reduce the risk of unauthorised access. Similar requirements are already common across banking and commercial software platforms, but this will be the first time many agents encounter them when accessing HMRC services.

Firms should review how staff currently access HMRC systems and ensure contact details are up to date. Leaving preparations until the point HMRC activates MFA could result in avoidable disruption to client work and filing obligations.

back to the menu top

If you would like any assistance with any of these points.

Please Call Us on 0161 872 8671