TaxCycle | Products | Pricing | Training | Documentation | Support | News

Afr is live again

The efile system is backup this evening have fun with the security it takes longer but should be better.

Ugh the security is hard on the eyes… but happy to be up and running.

I tried Rep a Client but it didn’t recognize my username and password. AFR says it is not active at this time.

Same with everyone in our office that has tried. We can make it through the three pages of boats, buses and bikes, but it just says that our username or password is incorrect. I am wondering if they have expired all passwords - can’t find any mention of this.

It let me in 5 minutes ago after three pages of identifying bicycles so they didn’t reset the user names/passwords.

I tried going in through my Partner Access but now I need an Access Code along with my postal code. I have the PC but no access code.

Did the truck and motorcycle about 7 times but get nothing.

There is quite a delay between getting the CAPTCHA complete (usually 3 screens!) and the login. It happens, but there is a notable delay where the screen just sits on the login page…then does the log in.

It’s working for me now. Only one screen of selecting CAPTCHA pictures for me.

Same here but strangely I was forced to change my password. Perhaps because my existing one did not conform to their new password criteria?

Well that would be normal behaviour where non-compliant passwords are found (for actually competent web-service delivery organizations…for CRA, who knows?).

Did they list the new criteria? I did just change my SC/GCKey password and saw criteria there, of course. Have not yet done so on CRA.

I have been accessing this morning, but with the CAPTCHA pictures.

It is working for us here. I just did a T2 AFR. T1 season is going to be a pain if we have to go through three pages of pictures every time we do AFR.

They could just use an authentication app instead of the pictures.

Yes, 2 factor authentication would be easier.

Authentication Apps can be hacked, as they are just software code on your computers/phones. The best solution is “true 2FA” using a device like a Yubikey to verify the authentication (or the use of the Auth App) as it exists separately from your devices.

And, for all those that use Auth Apps, if you don’t back up the code originating the authentication, if your phone/computer/whatever is lost or stolen you are going to have a charming time trying to get back in to some of those sites. Others are stupid enough to only send an SMS message back to your phone, which, of course, we know already is useless as security.

It is time for EVERYONE to step up their security game! Password vaults (yes, there is an excellent Canadian company 1Password, with Canadian-locus storage on the .ca site) and, at a minimum, Authentication Apps.

Note: I use 1P and Yubikeys but have no affiliation whatsoever with either.

Security platforms along the lines of HYPR are also looking like the way of the future. They integrate with Yubikey as well. They just remove the need for passwords altogether.

I love my Yubkeys!! Kinda bugs me that they’re only purchasable in $US, but oh well. I have something of a collection going now, and running back through early versions. The new NFC or Lightning-adapter ones for iPhones are terrific.

I also quite like 1Password as a vault for corporate use. Just getting a group of 30 running on it (a client) and am quite impressed with the support response as needed.

Put the two things together and you’re pretty airtight (so far).

Thanks for this tip.
https://www.yubico.com/products/