The Federal Tax Ombudsman (FTO) has decisively rejected the Federal Board of Revenue’s (FBR) policy mandating a 60-day expiry for taxpayers’ passwords, directing the revenue body to formulate a new, more equitable approach. The FTO found the existing policy, implemented without taxpayer consultation, to be “arbitrary and unfair,” thereby constituting “maladministration” under the FTO Ordinance 2000.
This directive follows an own motion investigation launched by the FTO after receiving multiple complaints from taxpayers facing hardships due to the requirement to change their passwords every two months.
Policy Deemed Harsh and Inconsiderate
According to the FTO’s findings, the universal application of the password expiry rule is a “harsh measure.” The investigation highlighted that taxpayers attempting to reset forgotten passwords must navigate a cumbersome eight-step process. The FTO contended that the FBR should have initially identified taxpayers whose data was genuinely prone to cybersecurity threats and restricted such stringent data update measures to these vulnerable accounts only.
It was noted that the contested policy stemmed from recommendations by an internal committee of PRAL/FBR, with no input sought from other stakeholders, including the taxpayers themselves.
Call for Stakeholder Consultation and Balanced Approach
The FTO has instructed the Secretary of the Revenue Division to establish a committee comprising all relevant stakeholders, including leaders from the business community. This committee will be tasked with reviewing the current 60-day password update policy and developing a new framework based on comprehensive input.
As an alternative, the FTO suggested that taxpayers’ passwords should not forcibly expire. Instead, the system could issue warning messages, similar to those used by banks, alerting users with longstanding passwords to the potential risks of hacking and encouraging them to update their credentials.
The directive emphasizes the need for a password policy that balances security concerns with taxpayer convenience and does not place an “extra drain on taxpayers’ resources.”




