In the digital age, data security is not just a best practice—it’s a professional obligation, especially for tax preparers handling sensitive financial information. One of the most effective tools in your defense toolkit is Multi-Factor Authentication (MFA).
Yet, despite warnings from the IRS and software providers, some users still disable MFA, viewing it as inconvenient. However, disabling MFA may put clients, businesses, and EFINs at risk.
What is MFA?
MFA or Multi-Factor Authentication requires two or more verification methods before granting access to a system. For example, a user might enter a password and a time-sensitive code sent to their authentication application or phone. This layered defense makes it significantly harder for attackers to gain unauthorized access—even if they’ve compromised your password.
Why MFA Matters More During Filing Season
Tax season is a high-target window for cybercriminals. With millions of tax returns being filed, identity thieves and fraudsters ramp up their attacks to steal data and file fraudulent returns.
The IRS, through its Security Summit initiative, urges all tax professionals to enable MFA to protect against:
- Unauthorized remote access
- Stolen password attacks
- Phishing-based breaches
- EFIN theft and misuse
Disabling MFA is an Open Invitation to Hackers
When you disable MFA in your tax software, you essentially remove a critical barrier between your clients’ confidential data and cybercriminals. Even the strongest password can be compromised through:
- Phishing emails
- Malware installed via fake software updates
- Data breaches from unrelated accounts using the same password
MFA helps prevent these attacks by requiring a second step—one that only you can provide.
Case in Point: In 2023, several tax preparers reported unauthorized access to their accounts due to reused passwords. In almost every case, those who had MFA enabled were protected. Those who didn’t? Data loss and IRS inquiries.
Drake Software and MFA: Built for Your Protection
Drake Software® includes MFA as a default security feature to help safeguard your login credentials and client information. Disabling it goes against both best practices and IRS recommendations.
With Drake, MFA is not just an option—it’s a proactive measure to:
- Maintain PTIN and EFIN compliance
- Protect taxpayer PII
· What You Can Do Right Now
- Enable MFA on all user accounts in Drake Tax® and Drake Portals®.
- Change your passwords regularly and avoid reusing them across platforms.
- Educate your staff and seasonal hires on phishing risks and the importance of MFA.
- Use secure devices and avoid logging in from public or unsecured Wi-Fi.
Convenience is Never Worth the Risk
While MFA may add an extra second or two to your login process, it could potentially save your practice from financial loss, reputational damage, and regulatory scrutiny. The minor inconvenience of using MFA is nothing compared to the devastation of a data breach.
Protect your clients. Protect your firm. Never disable MFA.
For more information, please contact our support team.
Disclaimer: This article is for informational purposes only and not legal or financial advice.
