IRS Requires Multi-Factor Authentication for Tax Professionals to Improve Security
The Internal Revenue Service (IRS), in partnership with the Security Council, announced today that multi-factor authentication (MFA) is now a federal requirement for all tax professionals under the Federal Trade Commission’s protection rule. This mandate aims to strengthen the security of sensitive client information by requiring more than just a username and password to access the system.
IRS Commissioner Danny Werfel emphasized the importance of MFA in protecting both tax professionals and their clients from potential data breaches.
Important Points in the Application of MFA
The new law, effective from June 2023, mandates the use of MFA in all platforms where customer information is accessed, including tax preparation software. MFA requires at least two authentication methods, such as:
- Something the user knows (e.g., username and password).
- Something the user has (e.g., a token or one-time code sent to a mobile phone).
- Something unique to the user (e.g., biometric data such as fingerprints or facial recognition).
Security Summit partners, including tax professionals, industry stakeholders, federal tax agencies, and the IRS, have been working together since 2015 to protect the tax system from identity theft and fraud. Using MFA is one of the most cost-effective ways to protect against phishing, social engineering, and other online threats that exploit weak or stolen passwords.
MFA General Practices
MFA is already widely used by the public in various applications. For example:
- Smartphones: Most users unlock their devices using fingerprints or facial recognition, which serves as an additional layer of authentication.
- Online banking: Banks often require MFA for account access, especially for high-risk transactions such as money transfers.
- Online IRS account: Taxpayers using IRS Online Account services are required to use MFA, which includes signing in with an email and password, receiving a one-time passcode by text or phone, and entering the passcode to complete the sign-in process.
Legal Requirements and Best Practices
The FTC’s MFA rules apply to all businesses, including tax professionals, regardless of company size. Failure to use MFA, especially within tax preparation software, is a violation of the FTC’s security rules.
Tax professionals are encouraged to:
- Use MFA for all services and data access points.
- Regularly review and update MFA methods and technologies to stay protected from emerging threats.
- Enable MFA between all software products and cloud storage services that contain sensitive client data.
- Avoid sharing usernames to improve security.