When early retirement plan withdrawals are penalty free
Taxes are part of travel, but at least many business trip expenses are deductible

2-step authentication system on the way for access to more IRS online services

Computer users, which nowadays means almost everyone, used to be told to follow the X-file's advice when it came to cyber security: Trust No One.

IRS is moving to two-step authentication for more of its online services beginning in late October.

That's still true, but unfortunately, it's not enough.

Crooks cracking everyone's computer codes: Nowadays, as First Lady Michelle Obama, Democratic White House hopeful Hillary Clinton and millions of Yahoo email account owners know, in today's increasingly hackable electronic world, the operable phrase for online life is No One is Safe.

And Uncle Sam's tax collector is not immune from online intruders either.

Hackers, primarily using information they gleaned from other sites, have attacked some of the Internal Revenue Service's most popular online services. The intruders have forced the tax applications temporarily offline. In the case of Get Transcript, the service was unavailable for more than a year.

But the IRS can't afford to surrender to cyber crooks, especially since the country's tax collection and enforcement agency it's looking to go even more digital as part of its Future State plan.

So, as part of its Security Summit partnership which is continually looking at public and private identity security, the IRS is doubling down with a more secure two-step authentication requirement for its online services.

That dual security step expansion earns 2 this week's By the Numbers honor.

New security system for tax pros: Tax professionals are the latest sector encountering this IRS doubling down on online security.

The new two-factor identity authentication process, which the IRS is calling Secure Access, will help, the IRS hopes, protect tax professionals, their clients and the government's systems.

Effective Oct. 24, the IRS will have in place added protections for e-services accounts that will require a stronger identity verification process. It will apply to both current users, as well as new sign-ups.

Existing e-services users will have to re-register and verify their identities, most through the new Secure Access platform. If you don't revalidate your identity, you'll lose your current access to e-services options.

Affected taxpayers: So just who will encounter the new two-factor authentication on Oct. 24? Anyone who currently is registered with the IRS as:

  • Electronic Return Originators (ERO);
  • electronic tax transmitters;
  • large business taxpayers who are required e-file certain tax reports and/or payments;
  • software developers;
  • reporting agents;
  • not-for-profit users, such as Volunteer Income Tax Assistance (VITA) and Tax Counseling for the Elderly (TCE) programs, and Low-Income Taxpayer Clinics (LITC);
  • states tax departments that use Transcript Delivery Service;
  • Income Verification Express Service (IVES) participants; and
  • those who must meet several Affordable Care Act (aka Obamacare) tax responsibilities, including insurance provider fee payers, branded prescription drug filers, and ACA Information Return Transmitters/Issuers,

If you only use e-services for Taxpayer Identification Number (TIN) matching, you also will need to validate your identity. However, the IRS says that since there isn't an exchange of sensitive data here, you will have a more streamlined TIN-related process.   

Getting in under the new system: When you return to your e-services account on or after Oct. 24, the IRS says you will be directed to update your account information.

The new Secure Access process will include identity proofing, financial verification and mobile phone verification.

All returning users can log in with their existing user names and passwords. Then, after submitting financial account information -- for example, the last eight digits of a credit card or a car or home loan account number -- for ID verification, they will get via a text on their , mobile phones a security code. That activation code will then let them into their accounts.

If you don't have a mobile phone of it doesn't accept text messages, you need to request an activation code be sent you by snail mail.

Folks seeking access to an online IRS account for the first will need much the same info as returning users to set up a new account.

So pick the email address you want to use and then round up your Social Security number, the filing status and address used on your last tax return, as well as some personal financial info, such as an account number for a credit card or loan.

A mobile phone also is necessary for new IRS online services enrollees who want to get an access code that will allow quicker access to a new account.

Help on hand: The IRS plans to have additional staff at its tax professional e-Help Desk for the Oct. 24 Secure Access launch to help anyone who might encounter difficulty with the tougher identification process.

If you do need help, the IRS warns that additional assistance may include identity authentication by phone and an activation code by mail which will take five to 10 calendar days for delivery.

You also can go now to the IRS' special IRS web page detailing how to register for certain online IRS self-help tools to learn more about the new Secure Access steps.

The double ID verification system was first initiated as the IRS brought its Get Transcript and Identity Protection Personal Identification Number (IP PIN) tools back online after they were compromised by hackers.

After this latest group of taxpayers gets comfortable with Secure Access, the IRS plans to add the two-step ID authentication procedures to more online services.

You also might find these items of interest:


Feed You can follow this conversation by subscribing to the comment feed for this post.

The comments to this entry are closed.