What is MFA (Multi-Factor Authentication)?
Utilizing something other than what you know to authenticate yourself. An example of MFA already in use by the IRS SPEC employees is the requirement to use your badge as a factor of logging in to their computer.
Why implement MFA?
Due to the heightened awareness of personal identity theft and the growing world of cyber threats, TaxSlayer will be implementing MFA to their Professional Web-based product, TaxSlayer Pro Online. These changes will fall in line with the IRS’s release of the Security Summit’s guidance. With the VITA/TCE sites using borrowed computers and/or computers in locations such as libraries and community centers, MFA will add an additional layer of protection to mitigate the risk of identity theft from cyber intrusions.
What is the implementation plan?
The first time a user logs in to a unique device with TaxSlayer Pro Online 2017, they will be required to go through multi-factor authentication. They will have the option of receiving the authentication code via email or text.
What can sites do now to start preparing?
Review the active users currently setup at your site to ensure they have unique email addresses. The MFA system will validate the uniqueness of the email address during the authentication process. Receiving a text message with the code is also an option and will also require a unique cell phone number.
What if the preparer volunteers at multiple sites and has multiple usernames tied to their email address?
We are in the process of designing a process that will allow for this scenario that will be in place prior to the release of TaxSlayer Pro Online 2017.
Staying in the Loop.
We will be creating educational and training posts over the next few months to keep everyone updated. Protecting your taxpayer’s data is a top priority for TaxSlayer.
Blog Posted 08/16/2017