In an advisory to taxpayers, the department's TDS (Tax Deducted at Source) Centralised Processing Cell (CPC) told assessees that their "user ID and password are the most sensitive information, misuse of which can lead to tampering of confidential TDS-related information, your own sensitive data and deductee-related confidential information".
It further said that "if a password is hacked or stolen, it can result in information security breach, leading to undesirable consequences, including privacy violations".
It asked taxpayers to exercise caution in use of log-in credentials at TRACES, which should not be disclosed to any unintended or unauthorised individual. "If shared, the person using login credentials shall also be liable to consequences," it added.
TDS Reconciliation Analysis and Correction Enabling System (TRACES) helps easy filing of tax deducted at source (TDS) or tax collected at source (TCS) correction statements by deductors/collectors and related functionalities.
The taxman asked users to secure their password with at least eight characters in length and a combination of lower case, upper case, numeric and special characters.
"Do not write your password on notepads or the whiteboard at your desk," it cautioned.
"Keeping sensitive information such as passwords in e-mails, folders and files in the computer can be risky. If the e-mail or computer account is hacked, then the perpetrator could misuse the passwords, steal money from your bank accounts, misuse your e-mail account or credit/debit card to access sensitive information from your machine," it said.
It has also asked users not to use the same password for different accounts. "Using the same password for more than one account is similar to carrying one key that unlock your house, car, office and safety deposit box. One lost key could let a mischievous unauthorised user unlock all doors," the department warned.
It went on to advise against sharing log-in credentials as also using the login credentials of any person other than the authorised one appointed by the deductor for carrying out any activity on TRACES.
"You are requested to similarly treat Digital Signature Certificate with utmost security, as the user ID and password on TRACES," it said.