IRS urges users to use multi-factor authentication to protect accounts

The US International Revenue Service has urged tax professionals to select multifactor authentication options whenever possible in order to reduce the risk of exposing sensitive information. Amidst the Covid-19 crisis, the IRS stressed the importance of this security practice for those working remotely or social distancing.

“Cybercriminals continue to find new ways to try accessing tax professional and taxpayer data. The multi-factor authentication option is an easy, free way to really step up protection of client data,” said IRS Commissioner Chuck Rettig. “All tax software products will make it a feature, and it’s part of a larger effort to protect taxpayers and the tax community.”

Many data breaches in the past year, the IRS wrote in its release, would have been avoided if the practitioner had enabled multifactor authentication on tax and software accounts.

Commenting on this, Niamh Muldoon, senior director of trust and security at OneLogin said:

“The IRS making this decision is a welcome a long overdue win for common sense in security – One I would love to see emulated in the UK by HMRC. Tax data is among the most sensitive PII in circulation, and the consequences of it falling into the wrong hands for taxpayers could be dire, leading to fraud and identity theft of the most serious kind. Multi factor authentication (MFA) is currently the best method by which organisations can protect themselves from such breaches, proven to prevent 99.9% of account takeovers. Whether it be a soft token, hard token, certificate or SMS, companies should look at implementing MFA across the board, not just in relation to tax data.”