New IRS Security Summit Identity Authentication Standards for Tax Year 2016 Require You to Take Action

Tax Law and News hacked fraud security

As required by the IRS Security Summit, we have implemented enhanced security measures for Intuit® ProConnect™ Lacerte® and ProSeries®. These new login requirements apply across all states and software companies industry-wide, including Intuit®, and will be effective when tax year 2016 software is released in November for Lacerte, and in December for ProSeries. The requirements include several changes to your login process.

What do You Need to do?

First, make sure each user at your firm has a unique password that is sufficiently “strong,” and second, make sure that you have set up your administrator credentials. Both of these actions should be completed before the 2016 software is released. This will ensure that you can download, access, and use your Lacerte or ProSeries tax software well in advance of the 2016 filing season. For more detail on the actions that you must take, please view the login requirements for Lacerte or ProSeries and take action today.

Here is a summary of the changes:

End User Authentication: New this year, all individual users associated with a tax preparation firm must create a unique username and strong password (at least eight characters, upper, lower case, digit and special characters) and use it to access their Intuit ProConnect desktop professional tax software. A primary firm administrator will need to be set up for each firm, and it will be his or her responsibility to invite and manage other users within the firm.

Inactivity Log Off: As required by the IRS Security Summit, after 30 minutes of inactivity, the user will need to re-establish the login. This was designed by Summit participants to provide the same type of protection from unauthorized data access to sensitive financial data, as found in the online banking industry.

Passwords Must be Changed Every 90 Days

Each user will be prompted to change his or her password every 90 days. Enforcing a software password that requires quarterly changes is becoming an industry standard best practice for safeguarding taxpayer data.

Want More Information?

All tax software providers are required to follow these authentication standards, and Intuit believes these are the right steps in safeguarding taxpayer information. We have taken a leadership role in partnering with the IRS, state tax agencies and other industry participants in helping define these new practices to combat the rising tide of fraud. These actions are especially important because the IRS believes, as you can see in this IRS statement, that after several years of targeting taxpayers, fraudsters have shifted and are starting to target professional tax preparers.

Our family of tax professionals are industry leaders themselves, and understand that privacy is an asset their clients depend on them to safeguard. We want them to know that nothing is more important to us than the security of their firm’s data and the data of their clients. We will continue to play a leadership role in industry efforts to combat fraud, including attending the IRS Security Summit. In the coming months, our tax professionals can depend on us to also share thought leadership on processes and tactics they can use to help them further safeguard their data.