With heightened threats during COVID-19, the IRS and Security Summit partners have called on professionals to select multi-factor authentication options whenever possible to prevent identity thieves from gaining access to client accounts.
Starting in 2021, all tax software providers will be required to offer multi-factor authentication options on their products that meet higher standards. Many already do so. A multi-factor or two-factor authentication offers an extra layer of protection for the username and password used by professionals. It often involves a security code sent via text.
The public awareness initiative by the IRS, state tax agencies and the private-sector tax industry – working together as the Security Summit – spotlights basic security steps for all practitioners, but especially those working remotely or social distancing in response to COVID-19.
"Cybercriminals continue to find new ways to try accessing professional and personal data. The multi-factor authentication option is an easy, free way to really step up protection of client data," said IRS Commissioner Chuck Rettig.
Of the numerous data thefts reported to the IRS from professional offices this year, most could have been avoided had the practitioner used multi-factor authentication to protect accounts.
Thieves use a variety of scams – but most commonly by a phishing email – will download malicious software, such as keystroke software. This malware will eventually enable them to steal all passwords from a professional.
However, with multi-factor authentication, it's unlikely the thief will have stolen the professional's cell phone so they would not receive the necessary security code to access the account. This protects the professional's account information.
Professionals can download to their mobile phones readily available authentication apps offered through Google Play or the Apple Store. These apps will generate a security code. Codes also may be sent to professional's email or text but those are not as secure as the authentication apps. Use a search engine for "Authentication apps" to learn more.
In additional to software accounts, professionals should use multi-factor authentication wherever it is offered. For example, cloud storage providers and commercial email products offer multi-factor protections as do social media outlets. IRS e-Services is an example of an account using multi-factor authentication.