We've considered it before, and rejected it in the absence of an outcry about it. Indeed as far as I'm aware you're the first user to even mention this as an issue.

Our reasoning is that around year end failed internet filings because of incorrect username/password are by far the single biggest query we get. You'd be absolutely astonished at the number of people who insist that they have entered their credentials correctly when HMRC reject their filing. Even after they're told that this has never once been the case users continue to argue about it, and insist that they've entered them correctly. The problem that we have is that there is no inherent way that we can independently check their username and password; either it works or it doesn't. At the moment at least they can see what they've keyed in for their password. If they couldn't see it that particular query would be made even more common and time-consuming for us, at our busiest time of the support year.

As ever, we're open minded and subject to persuasion.

We'd argue that there is already a mechanism for protecting user documents (such as payrolls) on PCs, which is the user login security. Individually protecting payroll data seems somewhat pointless when the typical PC user will have a plethora of word,excel, and PDF documents easily opened by anyone who uses that login. And indeed typically a PC account will also have Outlook or Outlook express on it, often with a horde of password details easily extracted from emails and all kinds of personal employee details in emails if the operator does payroll.

So in our opinion the correct protection mode (as defined by usage of almost everything else that ought to be regarded as "secure" on a PC) is the user login password to access the PC in the first place. Multiple users on the same PCs should have different logins.

Generation of all payroll reports and payroll data can already be password protected. The issue here is whether or not people can read the HMRC password on the employer form. Anyone who is concerned by this need merely type it in straight before filing, then remove it after filing. But as I say, if you're that concerned you really shouldn't be letting people near the rest of the information on your PC either. (emails, spreadsheets, letters, etc.) Only a very tiny minority of PC users password protect individual documents or their Outlook access.