It’s tax season, and if you’re like many people, you make use of one of the numerous e-file platforms offered by TurboTax, TaxAct, and similar companies. Unfortunately, tax season also presents a tremendous opportunity for hackers. So much that the IRS has issued a formal warning to accountants and taxpayers alike, urging them to enable two-factor authentication to minimize the risk of identity theft.
The IRS warning grew out of the fact that over the last few weeks, they received dozens of reports from accountants around the country about data theft.
If you use a third-party, online tax service like the ones we mentioned above, it pays to heed the IRS’ warning and enable 2FA on your account. That is, in order to provide better security and minimize the risk that your tax account could be hacked. If it is hacked, it will give hackers access to everything they need to steal your identity and make your life miserable for months, and possibly years to come.
If you have an accountant who handles your taxes for you, then it pays to at least have the conversation and find out what they’re doing and how they’re filing your taxes for you. You should find out if/when/where e-filing enters into the equation to be sure they’re using 2FA as well to better protect your data. If they’re not, it’s a serious enough issue that it may be worth considering switching to someone who takes security more seriously.
Since 2015, the IRS has been working with Security Summit Partners, which is a cooperative agency that includes state tax agencies, tax preparation firms, software developers, payroll processors and banks. The purpose of the collaboration with the group is to ensure that multi-factor authentication features are widely available to everyone in the tax and tax preparation business.
Unfortunately, availability does not always translate into adoption. Either way, kudos to the IRS for being proactive and doing all they can to help protect taxpayers from opportunists. Long story short: If you’re filing your taxes digitally, or someone’s doing that for you, make sure 2FA is enabled.