As part of a recent HMRC developer security advisory, the HMRC have advised:
Previously the Document Submission Protocol has optionally supported MD5 hashing of passwords in client software. To align with established best practice, this approach is being deprecated and will no longer be accepted from 20 April 2019
The good news is Infinet Cloud Payroll already supports the transmission of the password in plain text whilst ensuring the password is never exposed in plain text within the account. The approach uses the NetSuite Credential field, replacing the password with a placeholder GUID (a unique 32 character string). When the RTI submission is sent to HMRC the GUID is replaced with the actual plain text password but never exposed to the account.
To transition to plain text passwords in readiness for the April 2019 simply re-run the Payroll Setup Assistant and re-enter your HMRC password. This approach is also required for the upcoming release of DPS (Data Provisioning Services)