The IRS asks tax professionals to enable multi-factor authentication


MFA

The U.S. Internal Revenue Service is asking tax professionals to enable additional forms of authentication in software that provides the option as an improved defense against hacker takeover attempts.

The agency specifically refers to multi-factor authentication (MFA), which requires at least two supplementary data points besides the username/password combination to check the identity of a user.

A step down from this security standard is two-factor authentication (2FA), a subset of MFA, where the user needs to provide their credentials and another form of authentication, such as a code received on the phone or generated by an application.

Protect tax software accounts

The IRS asking professionals to enable MFA where possible is part of a five-part series of tips for protecting tax data, especially if they are working remotely. The campaign is called “Working Virtually: Protecting Tax Data at Home and at Work.”

“Of the numerous data thefts reported to the IRS from tax professional offices this year, most could have been avoided had the practitioner used multi-factor authentication to protect tax software accounts” – U.S. Internal Revenue Service

To make its point, the agency describes a scenario where an attacker compromises a tax professional’s network or computer and uses malware to steal the login to their tax software account.

Without MFA or 2FA, the hacker can complete pending taxpayer returns, alter refund information, and file a fraudulent return. Adding one of these layers of security, though, prevents the attacker from accessing the account.

In this scenario, 2FA would prevent the account takeover since the attacker would need the second authentication code, which is typically obtained from the victim’s mobile phone (delivered either via text or generated by a dedicated app).

Starting 2021, this extra security step will be a requirement for all providers of tax software to defends against unauthorized access to customer accounts.

The IRS seems to recommend 2FA, pointing professionals to authenticator-type of apps in Google Play and Apple Store find security code generators that are compatible with their tax software.

The recommendation for 2FA goes beyond tax software, though, and should be used wherever possible as threat actors are after credentials for other services, too (social media, email, cloud storage).

This public awareness initiative is from the IRS, state tax agencies, and the private-sector tax industry, all working together as the Security Summit.



Source link

Recent articles

Augmenting AWS Security Controls | Threatpost

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal...

Google training documents advise avoiding monopoly language

Alphabet and Google employees are trained to avoid using certain words and phrases in internal communications and “assume every document will...

Commemorate Universal’s Halloween Horror Nights at Home With These NEW Face Masks!

If we’re honest, the cancellation of Universal’s Halloween Horror Nights broke our little fright night loving hearts this year! Tribute Store Even though we know...

Bank of America strategist: ‘I’m so bearish, I’m bullish’

Only on Wall Street would an investment research report titled, “I’m so bearish, I’m bullish”...

Genshin Impact PS4 Release Date to Land This Fall

The team at miHoYo is currently working on a gorgeous open-world action-RPG, Genshin Impact. PlayStation 4 players worldwide will be able to venture into...

Triumph preps to sell G650 and composites work as refocus continues | News

Aerospace supplier Triumph Group this week progressed with a plan to divest its aerostructures divisions, saying it has signed deals to sell business-jet...

Leave a reply

Please enter your comment!
Please enter your name here