Practice Management Two-Factor Authentication: Why Your Tax Practice Needs it Read the Article Open Share Drawer Share this:Click to share on Twitter (Opens in new window)Click to share on Facebook (Opens in new window)Click to share on LinkedIn (Opens in new window) Written by Christopher Denton Modified Nov 1, 2017 2 min read The current threat landscape for an accounting and tax professional is showing a growing trend of malicious actors attacking remote access points to their offices. If the office only requires a username and password to authenticate a remote user, firms are ripe for becoming a target and, potentially, a victim of a remote attacker. The combination of username and password, while a common standard, is the weakest link in the chain of online security. With data breaches in the past 12 months of nearly a billion distinct username and password combinations, it is a distinct possibility that you or your employees’ credentials have been compromised. Malicious actors use these lists, along with information gleaned from public resources and social media, to narrow down the credentials that are potentially useful when attacking an accountant’s network. Currently, one of the best defenses against this remote compromise is two-factor authentication (2FA) to access your office remotely. The term “two factors” refers to the number of steps involved in authenticating the user’s credentials, and according to Wikipedia, is a subset of multi-factor authentication in which a user is only granted access after successfully presenting several separate pieces of evidence to an authentication mechanism – typically at least two of the following categories: knowledge (something they know), possession (something they have) and inherence (something they are). 2FA requires that you not only have legitimate credentials in order to authenticate, but that you also have another factor, such as a personal identification number that is generated on demand, physical token, fingerprint or a USB-based security key, in order to complete your login. 2FA helps to prevent the malicious actor from using stolen credentials to access your office remotely, as they will be challenged to enter the second factor and unable to access the code, token or other needed factor to complete their authentication. There are a few companies offering 2FA systems that are free to use, including Google Authenticator, available for Android– and iOS-based smartphones. Please work with your IT specialist to find out if your current method of remote access supports 2FA and what options are available for your office to employ. Editor’s note: Want more information on security and how to help prevent fraud? Sign up for the Intuit® ProConnect™ “Safeguarding Taxpayer Data” webinar. Previous Post How staffing is easier in the cloud Next Post Beating Tax and Accounting Talent Turnover While Driving Growth Written by Christopher Denton Christopher Denton is a principal security engineer with Intuit® ProConnect™. He has been involved in all aspects of security for the last 20 years, with subject matter expertise in the areas of application security, network security, forensics, incident response and threat modelling. Christopher loves to educate the industry about security issues. Chris leads the team to secure the products and e-file system for Intuit’s tax professionals. He also contributes to the IRS Security Summit to better safeguard taxpayer data across our industry. Christopher lives in Little Elm, Texas, with his wife and two cats, where enjoys cycling, Denver Bronco football and obstacle course racing. More from Christopher Denton Comments are closed. Browse Related Articles Practice Management Real tax fraud stories: It can happen to your firm Practice Management How to protect your firm and taxpayer data from COVID-1… Practice Management How to Update Your Tax Firm’s Data Safeguards Bas… Practice Management IRS Reminds Tax Pros to Use Strong Passwords, Encryptio… Practice Management 5 Best Practices in Tax Firm Security Tax Law and News New IRS Security Summit Identity Authentication Standar… Practice Management Cybersecurity basics for the tax practice Client Relationships Educating Your Tax Clients About Security Threats Practice Management An Inside Look at Tax Office Data Theft Practice Management 3 key considerations in recordkeeping for crypto estate…