IRS & Security Summit: Use Multi-Factor Authentication to Protect Accounts


Data is valuable and the data held by tax and accounting firms is the virtual gold the scammers are looking to get their hands on. In light of this fact and the heightened threats during COVID-19, the Internal Revenue Service and Security Summit partners recently called on tax professionals to select multi-factor authentication options whenever possible to prevent identity thieves from gaining access to client accounts.

Starting in 2021, all tax software providers will be required to offer multi-factor authentication options on their products that meet higher standards. A multi-factor or two-factor authentication offers an extra layer of protection for the username and password used by the tax professional. It often involves a security code sent via text.

“Cybercriminals continue to find new ways to try accessing tax professional and taxpayer data. The multi-factor authentication option is an easy, free way to really step up protection of client data,” said IRS Commissioner Chuck Rettig. “All tax software products will make it a feature, and it’s part of a larger effort to protect taxpayers and the tax community.”

Of the numerous data thefts reported to the IRS from tax professional offices this year, most could have been avoided had the practitioner used multi-factor authentication to protect tax software accounts.

Thieves use a variety of scams – but most commonly by a phishing email – will download malicious software, such as keystroke software. This malware will eventually enable them to steal all passwords from a tax pro. Once the thief has accessed the practitioner’s networks and tax software account, they will complete pending taxpayer returns, alter refund information and use the practitioner’s own e-filing and preparer numbers to file the fraudulent return.

However, with multi-factor authentication, it’s unlikely the thief will have stolen the practitioner’s cell phone so he would not receive the necessary security code to access the account. This protects the tax pro’s account information.

Practitioners can download to their mobile phones readily available authentication apps offered through Google Play or the Apple Store. These apps will generate a security code. Codes also may be sent to practitioner’s email or text but those are not as secure as the authentication apps. Use a search engine for “Authentication apps” to learn more.

In additional to tax software accounts, practitioners should use multi-factor authentication wherever it is offered. For example, cloud storage providers and commercial email products offer multi-factor protections as do social media outlets. IRS e-Services is an example of an account using multi-factor authentication.

Here’s a PDF on protecting data at home while working virtually from the IRS.

Information from IR-2020-170.

Like what you’re reading?

Subscribe to our FREE newsletter and we’ll deliver content like this directly to your inbox.

Previous articleIRS Form 1040-X Electronic Filing   
Next articleThe Massive Misappropriation of Time
Gary DeHart has worked in media for more than 25 years and has been instrumental in developing new revenue streams and business opportunities for the companies he has worked for. Prior to launching Insightful Accountant (formerly Intuitive Accountant), Gary was the Associate Publisher of Accounting Today. Prior to working in media serving the public accounting market, he worked in media for employee benefit managers and brokers, automotive design, textile manufacturing and recreational boating. In addition to being the Publisher and Managing Partner of Insightful Accountant, Gary works with select clients within the accounting market on channel development and growth. He is an Assistant Scoutmaster with the Boy Scouts of America, enjoys fly fishing, time on the beach, cooking on the Big Green Egg and spending time with his family.