The IRS announced on their website page “e-Services - Online Tools for Tax Professionals”[1] that all access to e-Services beginning on December 10, 2017 requires the use of an account that was established using the IRS’s Secure Access authentication. If a professional has not established an e-Services account by going through the more detailed process, the professional will be required to sign up again using the more detailed (and difficult to complete) process.
Secure Access is meant to make it more difficult for an individual to impersonate a taxpayer or professional. As the IRS describes the program in their announcement made on December 8[2]:
Secure Access helps protect online tools in two ways: it has a more rigorous identity-proofing process which helps ensure the users are who they say they are, and it requires returning users to use a two-factor access process by entering their credentials (username and password) plus a security code sent as a text message to their mobile phone or a security code generated by the new IRS2Go app feature. This two-factor authentication process meets required federal standards for protecting information.
The IRS is technically correct that both methods are currently allowed under the National Institute of Science and Technology (NIST) standards, the use of SMS as the two-factor vehicle is less secure and the NIST has stated it is being deprecated and may no longer be acceptable at some point in the future.[3] The NIST issued this statement over a year ago.
Image copyright pixelbrat / 123RF Stock Photo
Read More