Security is a critical part of the customer experience. The security of Intuit's products remains our top priority and Intuit will continue to invest in security to ensure our products have industry-leading protection.
Intuit has increased our investment in technology and people to improve cyber security to help protect customers from fraud. We also have a team of dedicated technologists and data scientists working 24/7 to refine our processes and stay ahead of the criminals. Intuit has a number of security measures in place to protect our customers and we continue to strengthen the security features.
Our rigorous fraud detection and prevention program includes:
- Implementing multi-factor authentication (MFA): MFA helps Intuit verify that a user is the account owner when attempting to access an account. For more information, see here.
- Sophisticated data analytics and risk models developed by fraud data scientists to help Intuit better prevent and detect fraudulent activity.
- Role Management for My Account. This feature provides the ability to add, edit, or view information in My Account based on Permissions.
Frequently Asked Questions
Role Management in My Account
My Account now offers a new feature with the introduction of Role Management. This feature provides the ability to add, edit or view information in My Account based on Permissions.
As a result of this change, only the Primary contact (Account Admin) on the account will have permission to add/edit information in Account Management for Contacts, Addresses and Account Overview. The Primary contact (Account Admin) can provide Account Admin permissions to other contacts on the account.
By default, all "contacts" on the account will have permissions set to Employee and ProSeries Admin or Lacerte Admin & Lacerte Report views depending on the product purchased. The Account Admin may change these permissions at their discretion.
At this time, you will not be able to delete online contacts via My Account.
For more information see Role Management via My Account.
What exactly is multi-factor authentication?
Multi-factor authentication, or MFA, is one way to combat fraud by asking customers for information that only they should know and have. Think of it as needing a personal identification number to use an ATM card. If the ATM card falls into the wrong hands, it can't be used without knowing the PIN. For More Information see Security Changes - Multi-factor Authentication
Are you adding MFA to other Intuit products?
We're in the process of adding MFA to all relevant products.
Why do I have to take all these steps to get into my account?
We have increased the number of steps to access your account because of the increase of identity theft and fraudulent tax filings. You entrust us to protect sensitive data and we take that seriously. Our customers' privacy and security is job one.
Is my account safer?
As an industry leader, Intuit is continuing to work in concert with the IRS, states, and industry to further strengthen the American tax system and decrease tax fraud on several fronts. The addition of features like stronger passwords, notifications, and MFA to our Professional Tax products is one of the actions we're taking to protect customers' information and combat tax fraud. Tax fraud is constantly evolving and we will evolve with it. We always recommend that customers take precautions to protect their identity. It is important that users not only create strong passwords but more importantly, create unique passwords for each of their accounts.
What to do if you don't receive the MFA code
If the multi-factor authentication (MFA) code isn't being sent or received when trying to access My Account, your security settings may be blocking it.
I checked my email/phone and I didn't receive the code, what should I do?
It may take a few minutes for the code to arrive. You may also want to check your bulk/junk/spam mail folder to see if the code is there. If the code does not arrive, you can click the Didn't receive a code link in the Check your email window to generate another code.
Important: once you generate a new code, any prior code will expire. It is important that you use the most recent confirmation code in the Check your email window.
My code doesn't work, what should I do?
If you have typed the exact code that was sent and it doesn't work, this is most likely because you have generated multiple codes and are not using the most recent one. Please click Didn't receive a code, then wait until the new code arrives. This may take several minutes. Use the most recent code sent to you.
Note: some email platforms append emails from the same sender, so your latest code may display as a response or reply to one of the earlier codes.
Will I be asked to do this every time I log in/connect to Connected Services (ITO/Lacerte/ProSeries)?
When you log in from a new computer or change your sign-in information such as your user ID, email address, or password, you will be required to take these additional steps to validate your identity.
What if my email and phone number are not current?
The confirmation code will be sent to the email address or phone number currently associated with your account. If you do not have access to the email address or phone number associated with your account, you will need to verify your identity another way. You can select "Confirm my account a different way."
PTG Key Messages
- Tax fraud continues to be a threat that evolves, testing the entire tax system, and in particular, targeting both DIY preparation and the tax preparer community. Both the industry and federal and state governments have evidence of this activity.
- The security of our products remains our top priority and we are continuing to invest to ensure our products have industry-leading fraud protection.
- As part of our rigorous fraud detection and prevention program, Intuit is implementing several features such as multi-factor authentication (MFA) in products including, our Professional Tax products (ProSeries, Lacerte, ITO, Link, Profile).
- MFA enables us to verify your identity when you access your account. It strengthens existing security measures already in place to further safeguard our tax professionals and their clients
- When customers access their account for the first time or from a new device, Intuit will ask them to verify their identity (also called, a "challenge") by automatically sending a unique, one-time code to their pre-designated, trusted device - email or mobile phone - to be used in combination with their password to access their account. This extra layer of protection, enabled for all Intuit Professional Tax products, verifies identity and lets customers securely sign into their accounts.
These FAQs should help you answer your customer's questions.
You may speak with a customer who has encountered this process and wants to know why we are doing this.
What is MFA?
- Multi-factor authentication, or MFA, is one way to combat fraud by asking customers for information that only they should know and have.
- Think of it as needing a personal identification number to use an ATM card. If the ATM card falls into the wrong hands, it can't be used without knowing the PIN.
What can I tell customers if they ask why we are doing this?
- We know their business data is very important to them and so we have added an extra layer of security to protect their account.
- This extra security means that any time they try to change their account sign-in information, they may be asked to log in again and be asked to enter a one-time confirmation code sent to their email.
Does this mean that someone tried to hack their account?
- No. This extra layer of security is being implemented as an industry best practice for all of Intuit's products.
What if the customer says that their confirmation code didn't work?
- It can a few moments for the code to arrive in their inbox. Because of this, sometimes a customer will click the link to generate the code multiple times. Each time a new code is generated the previous code expires.
- It is very important that the customer use only the most recent code generated. Please ask them to wait for that code to arrive and thank them for their patience.
- If it seems the code has not arrived after several minutes, have them check their bulk/junk/spam email folder.
Note: Some email platforms, such as Google, will append multiple emails from the same sender and with the same subject line. As a result, the most recent code may appear as a 'reply' to the original code.
What if they are trying to change their email address and don't understand why they should have to use their old email address to confirm the change?
- Tell the customer that to make sure that it is really them and not someone else making the change, we have added the extra security that requires the confirmation code and we have to send that code to the email address we have on file first before they can change that.
- If they have access to that email address, they should use the confirmation code sent to it to sign in, then they can change their email address and any future login confirmations will be sent to their new email address.
Will changing their email address also change their User ID?
- No. Changing your email address does not change your User ID.
- Most customers find that keeping their User ID and their email address the same is the simplest way to remember their user ID.
- We recommend that they change their User ID if it is the same as their email address. Otherwise, they will have to remember to use their old email address as their User ID and this could be confusing. To change their user ID, they need to edit the User ID field on the same account management page.
- For customers with more than one Intuit product or service associated with their account and User ID, this User ID change will affect all of those products.
- Any updates to this article must be approved by Corporate Communications prior to publishing.