Your FBR Password will Expire in Sixty Days

Key Points of the New Policy:

• 60-Day Expiry: All IRIS passwords will now expire every 60 days. This means users will be prompted to change their password every two months to maintain access to their accounts.
• Security Focus: The primary reason for this change is to enhance the security of taxpayer data and protect against unauthorized access. Regularly changing passwords is a standard security practice that reduces the risk of compromised accounts.
• Action Required: If your IRIS password has expired, you will be unable to log in. You will need to use either the “Forgot Password” or “Change Password” option on the login page to reset your password and regain access to your account.

How to Reset Your Password:

The notification mentions two ways to reset your password:

1. “Forgot Password” Option: If you’ve forgotten your current password, this option will typically involve providing your CNIC/NTN and potentially other identifying information (such as your registered mobile number or email address). The FBR system will then send you a password reset link or code to your registered contact information.
2. “Change Password” Option: If you know your current password but want to change it before it expires, this option allows you to create a new password directly. You’ll usually need to enter your current password first for verification.

Why This Change is Important:

Regular password changes are a crucial part of online security. Over time, passwords can become vulnerable due to various factors, including:

• Data Breaches: Even if you haven’t shared your password, it’s possible that it could be compromised in a data breach on another website or service.
• Phishing Attacks: Phishing emails or websites can trick users into revealing their login credentials.
• Guessing and Brute-Force Attacks: Weak or easily guessable passwords are more susceptible to unauthorized access.Â

By enforcing regular password changes, the FBR is aiming to minimize these risks and protect taxpayer information.

What Users Should Do:

• Be Prepared for Regular Changes: Be aware that you’ll need to change your IRIS password every 60 days.
• Use Strong Passwords: Create strong, unique passwords that are difficult to guess. Use a combination of uppercase and lowercase letters, numbers, and symbols.
• Avoid Reusing Passwords: Don’t reuse the same password for multiple online accounts.
• Keep Your Contact Information Updated: Ensure your registered mobile number and email address with the FBR are accurate and up-to-date, as these will be used for password recovery.

Criticism and Considerations:

While password expiry policies are generally good security practice, there are some considerations:

• User Frustration: Frequent password changes can be frustrating for users, especially if they have many online accounts. The mandatory password reset for FBR accounts, coupled with the lack of online verification options, is a significant inconvenience for taxpayers, especially overseas users who may not have access to their registered mobile numbers. This move by the FBR, which overlooks the needs of taxpayers, particularly those abroad, is likely to cause frustration and hinder smooth tax filing processes.
• Password Complexity Requirements: The FBR should ensure that the password complexity requirements are reasonable and not overly burdensome.
• Alternative Authentication Methods: In the future, the FBR could consider implementing other authentication methods, such as two-factor authentication (2FA), which provides an extra layer of security.

The FBR’s new password expiry policy for IRIS is a positive step toward enhancing online security and protecting taxpayer data. By following the recommended practices for password management, users can ensure their accounts remain secure and avoid any disruptions to their tax filing process. It is crucial for users to adapt to this change and prioritize online security.