Category: MFA

MFA: Security Code and Security Questions (Series 2, Part 6)

12 Sep 17
Kim Manuel

The following two items will no longer be applicable and will be removed from the application prior to the rollout of TaxSlayer Pro Online 2017:

  1.  The Security Code will be removed from the Login page and from Office Setup
  2.  The Security Question and Answer will be removed from the Preparer(s) Setup Menu because the user will be required to authenticate when they use the “Forgot Password” feature

 

Blog Posted 09/12/2017

MFA: Scenarios from the Field (Series 3, Part 1)

11 Sep 17
Kim Manuel

Series 3 starts a series on scenarios and questions we are receiving via support calls and emails.

Scenario:   A person volunteers on Monday, but the volunteer is off on Tuesday and the site admin sets that volunteer as inactive until they come back to the site on Wednesday.

Q:  Does deactivating and reactivating a user have any impact on when MFA is triggered assuming the volunteer is using the same device?

A:  Deactivating and reactivating a user does not trigger MFA, unless the volunteer is past the designated time period after which their authentication code expires.

Blog Posted 09/11/2017

MFA: When Can an E-mail Address be used across Multiple Usernames (Series 2, Part 5)

08 Sep 17
Craig Smith

One of the common questions received yesterday (9/7/17) after launching MFA was from site administrators or volunteers with a security template allowing access to Configuration>Preparer Setup.

Scenario: I have multiple volunteers at my site that also volunteer at other sites. When I access my own Preparer(s) Setup Menu page, I can see the checkbox to allow my e-mail address to be used across multiple accounts. However, when I access the Preparer(s) Setup Menu page for other volunteers at my site, I do not see the checkbox under their e-mail address entry field.

Q1:  Why can’t I see the checkbox for my volunteers?

A1: You are able to see the checkbox on your Preparer(s) Setup Menu page because you completed the Account Update screen after MFA was launched.  As each volunteer completes the Account Update screen for their username, the checkbox will become available on their Preparer(s) Setup Menu page.

MFA: Three invalid login attempts will trigger authentication (Series 2, Part 4)

08 Sep 17
Kim Manuel

One of the actions that requires a user to get a new authorization code is three invalid login attempts.  Part of the new mandates from the IRS Security Working Group is to “lock accounts” after three unsuccessful login attempts to ensure that someone other than the user is not attempting to hijack the login credentials.

Below is the Account Verification box that will appear after three unsuccessful login attempts:

Instructions for logging in:

(1) Select your delivery option.  Note:  If you only have an email address on file, you will only have the option of email.

(2) Select Send Code

(3) Enter your verification code

(4) Select Verify

(5) Follow the on-screen prompts to enter and verify a new password

(6) Log in with your newly established password

 

Blog posted 09/08/2017  7:53 AM Eastern

MFA: Notifications that something is not unique (Series 2, Part 2) Updated 10/18

07 Sep 17
Kim Manuel

Email addresses and cell phone numbers can be designated for use by multiple usernames by a user who has the privileges to access Configuration>>Preparer(s) Menu and make the designation for the email address (see below).

If you have multiple usernames and are in the process of completing the Account Update page, you will get the following notification box if something you entered is not unique (we are primarily seeing this for the cell phone number).  If you are getting this on an email address, then see the information above.

Updated 10/18/2017:  This dialog box no longer exists

You will see a Unique Notification dialog box.  Click the X. DO NOT click Sync Accounts.  Sync Accounts is a service that creates a single sign-in for our commercial accounts that have to log in to multiple programs other than just Pro Online.  This does not apply to VITA/TCE because we incorporate things like Management Reports into the application.

Closing this dialog box will allow you to see which field is not unique.  See the example below of the cell phone number not being unique because I have already used it on another one of my usernames.  My only option for receiving my authentication code for multiple usernames is via email.  Also, clicking the link in the Account Update message is not applicable to VITA/TCE.

Blog Posted 09/07/2017  11:07 AM Eastern

 

 

MFA: Account Update is now in effect (Series 2, Part 1)

07 Sep 17
Kim Manuel

The Account Update page is now in effect.  The screen is different from the original screen we blogged about.  You will be required to enter and confirm the following information:

  • cell phone (Optional, not required…this was resolved from an earlier status of it being required)
  • email address (remember, if it is going to be used for multiple users, a user with privileges to access Preparer(s) menu must mark the box to allow multiple usernames for the email account)
  • Password

Blog Posted 09/07/2017  8:02 AM Eastern

 

MFA: What triggers authentication? (Series 1, Part 7) — Updated 09/07 9:34 AM

06 Sep 17
Kim Manuel

Below are the items, as we know them today, that will trigger the need for a user to authenticate at their production site:

  • The first time a user logs in to a unique device
  • When a user’s authentication has expired
  • When a computer is re-imaged
  • Three failed login attempts
  • When the “Forgot Password” feature is initiated
  • (Updated Addition) Logging in with a different browser on the same computer (e.g. logging in with Chrome and then opening Internet Explorer and logging in)

Blog Posted 09/06/2017

MFA: Questions and Answers (Series 1, Part 6)

06 Sep 17
Kim Manuel

Q1:  Does MFA apply to the Practice Lab?

A1:  No, MFA is only applicable to your production site.

Q2:  I am a desktop user…does MFA impact my site?

A2:  MFA is not applicable to the software itself; however, you will have to authenticate to log in to your My Account page to retrieve your Vendor Control Number.  There are other security requirements that will be applicable to the desktop application.

Q3:  Can the site coordinator complete the MFA verification process for all of the users at their site?

A3:  The purpose of MFA is to authenticate the user that is logging into the system to prepare the returns.  There is no indication in the email or text message that indicates the username that the code is for.

Q4:  If the user is going to verify their MFA information the first time they login and can update it, can we, as Admins, just leave that info blank when we create a new user?

A4:  The admin will still be required to enter an email address when creating new users, but they can leave the cell phone blank.

Q5:  If a user is a multi-site user, do we need to check that box for each site they are setup on?

A5:  No, the selection for allowing the email address to be used by multiple users only has to be made one time.

Q6:  Why is TaxSlayer turning on MFA this early, when the majority of the volunteers will not be logging in to their production sites until December or January?

A6:  There are a couple of reasons:  (1) We want to give the site admins the extra time to review their user list and make any necessary changes prior to the majority of the volunteers logging in.  (2) This allows the site admin to experience the process and setup procedures that can be followed during the season.  (3) It allows us to gather feedback from our year-round sites so we can build FAQs and put out additional educational information.