IRS Now Requires Multi-Factor Authentication

With the news full of stories of digital security breaches and ransom payments, the IRS is taking action. As the repository of taxpayer information, the IRS has decided to take a significant step toward enhancing taxpayer protection by implementing mandatory multi-factor authentication (MFA) for certain online services. 

This move marks a broader IRS initiative to safeguard sensitive data and combat identity theft. Requiring MFA will affect anyone who interacts with the IRS’ online platforms. Let’s cover everything businesses and individuals need to know about this important change. 

What is Multi-Factor Authentication?

Multi-factor authentication is a security measure that requires users to provide two or more verification factors to gain access to an account or system. Instead of relying solely on a password, MFA adds an additional layer of security, making it much harder for unauthorized users to gain access. Common forms of authentication include:

• A password or PIN.
• A smartphone app that generates codes or a physical token.
• Biometric data like fingerprints or facial recognition.

Why the IRS is Implementing MFA?

The IRS has long been a target for cybercriminals due to the vast amount of sensitive personal and financial information it holds. By requiring MFA, the agency aims to reduce the risk of identity theft and unauthorized access to taxpayer accounts. This initiative comes in response to a surge in fraudulent activities, including the misuse of stolen identities to file false tax returns and claim refunds.

How Will This Affect Taxpayers?

Increased Security

For taxpayers, the primary benefit of MFA is enhanced security. The additional verification steps make it significantly more difficult for hackers to access your tax information. Even if a password is compromised, the second factor (like a code sent to your phone) will act as a barrier against unauthorized access.

New Login Process

When you log in to your IRS account, you will now need to complete the MFA process. This typically involves receiving a code via text message or email, which you’ll need to enter to gain access. The transition may require some adjustment, but it is designed to be user-friendly.

Potential Delays

While MFA is crucial for security, some users may experience delays during the login process, especially if they encounter issues receiving codes or if their contact information is outdated. It’s important to keep your contact information current to avoid complications.

Tips for Using MFA

1. Update Your Information: Ensure that your email address and phone number are up to date with the IRS to receive authentication codes without delay.
2. Use a Password Manager: MFA works best in conjunction with strong, unique passwords for each of your accounts. A password manager can help you keep track of them.
3. Stay Vigilant: Always be cautious of phishing attempts. Never share your MFA codes or personal information with anyone claiming to be from the IRS.
4. Understand the Process: Familiarize yourself with the MFA process before tax season kicks into high gear. This can help reduce frustration when you need to access your account.

MFA Required by Law 

Tax pros should implement MFA across all their services and data access points. In addition, they should regularly evaluate current MFA methods, standards, and technologies to stay protected against the latest threats and offer a variety of authentication methods to suit the needs of different users.  Additionally, tax pros should always enable MFA within tax software products and cloud storage services containing sensitive client data, and they should never share usernames.

The IRS's requirement for multi-factor authentication is a critical and proactive step toward safeguarding taxpayer information that follows recent similar moves like offering the option to use an IRS Identity Protection PIN. While these changes may require some adjustments on your part, the added layer of security is well worth it. By adopting these measures, you’re not only protecting your own information, but also contributing to the broader effort to combat tax-related fraud.

Ahead of the next tax deadline, remember to take the necessary steps to secure your IRS account. With MFA in place, you can have greater peace of mind knowing that your sensitive information is better protected than ever before.

As a managed IT service provider, PK Tech is proud to offer 15 years of experience with a focus on CPA firms. We boast AICPAs SOC 2 Type II attestation, proving via third-party audit by an independent CPA firm that we passed a rigorous and comprehensive assessment of our security and privacy controls. Schedule a time to chat with our team here.