The short answer is-I don't know, although i have a feeling that on the document i was sent by HMRC it stated that pass-words are not case sensitive. If I'm wrong then presumably I'd get an 'access denied' or 'incorrect pass-word' indication.
Very occasionally, a system might be case-sensitive about usernames, but that is very, very unusual. The only one I know about is our gallery here. It's so unusual that it caught several of us out on here, including me. Somewhere there will be post explaining it.
The point everyone here is making is simple: we believe that you are mistaken about the government system being case-insensitive about the password specifically. However, if you can find the letter and it confirms your assertion, then we'll all be very interested and surprised in equal measure. Until such time, all this is based on a memory of this letter. I never trust my memory at the best of times, let alone when writing in a public forum
If you can't find the letter, then next time you have cause to log in to that website, then it would be an interesting experiment to try substituting one or more upper-case letters.
If the password really is case-insensitive, then the fact they have 2-factor authentication (the phone call) will obviously help. But if so, I'm trying to work out how they even coded it. Either they're storing passwords in the database in a non-encrypted form and are doing a strcasecmp() comparison of the stored and supplied passwords, which would be case-insensitive. Or they converted the supplied password to all upper case before creating the hash to store in the database, and then do the same to any supplied passwords. But these ideas all seem really bad to me - I wouldn't consider doing it for anything at all, no matter how trivial, let alone a government website, with or without 2-factor authentication. It's less secure, and considerably more programming effort. In other words, sub-optimal in all respects.