{"id":6191,"date":"2026-03-31T06:46:32","date_gmt":"2026-03-31T06:46:32","guid":{"rendered":"https:\/\/www.acobloom.com\/us\/?p=6191"},"modified":"2026-03-31T07:07:01","modified_gmt":"2026-03-31T07:07:01","slug":"irs-security-requirements-for-tax-preparers","status":"publish","type":"post","link":"https:\/\/www.acobloom.com\/us\/blog\/irs-security-requirements-for-tax-preparers\/","title":{"rendered":"How Multi-Factor Authentication Helps Meet IRS Security Requirements\u00a0"},"content":{"rendered":"\n<p>In June 2023, the IRS made Multi-Factor Authentication (MFA) mandatory for tax preparers due to a significant rise in data threats.&nbsp;As&nbsp;one of the most common targets of data and cybersecurity threats,&nbsp;tax&nbsp;preparers&nbsp;have a duty to enforce Multi-Factor Authentication systems. This is essential to protect their clients&#8217; data, as outlined in Publication 4557.&nbsp;Multi-Factor Authentication is like a door with multiple locks on&nbsp;it,&nbsp;and each of those locks must be opened in a specific manner with only a limited number of&nbsp;individuals&nbsp;holding the keys.&nbsp;<\/p>\n\n\n\n<p>For tax preparers, having an MFA system means that even if a cybercriminal manages to obtain their password through a phishing scam or data&nbsp;breach, they&nbsp;will&nbsp;still need the second &#8220;key,&#8221; typically a unique, time-sensitive code sent to the preparer&#8217;s mobile device,&nbsp;to access sensitive client data and IRS e-filing systems. This crucial extra layer of security significantly hinders unauthorized access, safeguarding confidential information. It also helps tax preparers meet their professional and legal obligation to protect taxpayer data.&nbsp;&nbsp;<\/p>\n\n\n\n<p>This blog helps tax preparers understand that\u00a0implementing\u00a0an MFA system will fulfill\u00a0the\u00a0<strong>IRS Security Requirements<\/strong>\u00a0<strong>for tax preparers<\/strong>\u00a0and, to do\u00a0so, what an ideal MFA system should\u00a0include.<\/p>\n\n\n\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_50 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\" role=\"button\"><label for=\"item-69d49c52b619c\" aria-hidden=\"true\"><span style=\"display: flex;align-items: center;width: 35px;height: 30px;justify-content: center;direction:ltr;\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/label><input  type=\"checkbox\" id=\"item-69d49c52b619c\"><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.acobloom.com\/us\/blog\/irs-security-requirements-for-tax-preparers\/#How_Multi-Factor_Authentication_Helps_Meet_IRS_Security_Requirements\" title=\"How Multi-Factor Authentication Helps Meet IRS Security Requirements&nbsp;\">How Multi-Factor Authentication Helps Meet IRS Security Requirements&nbsp;<\/a><ul class='ez-toc-list-level-3'><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.acobloom.com\/us\/blog\/irs-security-requirements-for-tax-preparers\/#Verifies_User_Identity\" title=\"Verifies User Identity&nbsp;\">Verifies User Identity&nbsp;<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.acobloom.com\/us\/blog\/irs-security-requirements-for-tax-preparers\/#It_acts_as_a_protective_wall_against_unauthorized_access\" title=\"It acts as a protective wall against unauthorized access&nbsp;\">It acts as a protective wall against unauthorized access&nbsp;<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.acobloom.com\/us\/blog\/irs-security-requirements-for-tax-preparers\/#It_protects_EFINs\" title=\"It protects&nbsp;EFINs&nbsp;\">It protects&nbsp;EFINs&nbsp;<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.acobloom.com\/us\/blog\/irs-security-requirements-for-tax-preparers\/#It_enhances_overall_security_posture_during_tax_preparation%E2%80%AF\" title=\"It enhances overall security posture&nbsp;during&nbsp;tax preparation\u202f&nbsp;\">It enhances overall security posture&nbsp;during&nbsp;tax preparation\u202f&nbsp;<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.acobloom.com\/us\/blog\/irs-security-requirements-for-tax-preparers\/#It_mitigates_the_risk_of_stolen_credentials\" title=\"It mitigates the risk of stolen credentials&nbsp;\">It mitigates the risk of stolen credentials&nbsp;<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/www.acobloom.com\/us\/blog\/irs-security-requirements-for-tax-preparers\/#It_protects_from_specific_cyberattacks\" title=\"It protects from specific cyberattacks&nbsp;\">It protects from specific cyberattacks&nbsp;<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/www.acobloom.com\/us\/blog\/irs-security-requirements-for-tax-preparers\/#Conclusion\" title=\"Conclusion&nbsp;\">Conclusion&nbsp;<\/a><\/li><\/ul><\/nav><\/div>\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"How_Multi-Factor_Authentication_Helps_Meet_IRS_Security_Requirements\"><\/span>How Multi-Factor Authentication Helps Meet IRS Security Requirements&nbsp;<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Multi-Factor Authentication helps tax preparers meet&nbsp;<strong>IRS Security Requirements<\/strong>&nbsp;<strong>for tax preparers<\/strong>. It serves as a crucial step toward&nbsp;establishing&nbsp;a robust and secure system. This system prevents data leaks and identity theft,&nbsp;ultimately protecting&nbsp;tax preparers\u2019&nbsp;clients. Here\u2019s how MFA systems meet&nbsp;<strong>IRS Security Requirements<\/strong>&nbsp;<strong>for tax preparers<\/strong>:&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-resized\"><img decoding=\"async\" src=\"https:\/\/www.acobloom.com\/us\/wp-content\/uploads\/2026\/03\/12953633_Data_security_29.svg\" alt=\"\" class=\"wp-image-6194\" style=\"width:389px;height:auto\"\/><\/figure>\n<\/div>\n\n\n<p><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Verifies_User_Identity\"><\/span>Verifies User Identity&nbsp;<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>An&nbsp;additional&nbsp;security level for users is provided by MFA, which goes beyond the traditional use of just a username and password for user identification by adding an&nbsp;additional&nbsp;layer of protection. There are several ways to verify and authenticate a user&#8217;s identity with MFA, and they consist of:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Knowledge:<\/strong>&nbsp;Knowledge-based authentication is based on something that a user knows such as a password.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Possession:<\/strong>&nbsp;The second category, possession, uses an item that belongs to the user to provide a second layer of security that is separate from the username and password. Examples include a one-time code sent to the user&#8217;s mobile phone or a USB token that generates the code and sends it to the user.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Biometrics:<\/strong>&nbsp;These methods include fingerprints, facial recognition and other ways that&nbsp;identify&nbsp;an individual as themselves.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>Using multiple&nbsp;authentication methods to verify identity increases the likelihood that the individual attempting to log in is the authorized user and not an unauthorized user.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/www.acobloom.com\/us\/contact-us\/?utm_medium=orgnc&amp;utm_source=blog&amp;utm_campaign=us&amp;utm_content=consulting&amp;utm_term=in-content-cta-blog-banner\" target=\"_blank\" rel=\" noreferrer noopener\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"367\" src=\"https:\/\/www.acobloom.com\/us\/wp-content\/uploads\/2024\/07\/Outsource-Accounting-Services-CTA-1024x367.jpg\" alt=\"Outsourcing Revenue Cycle Management\" class=\"wp-image-2783\" srcset=\"https:\/\/www.acobloom.com\/us\/wp-content\/uploads\/2024\/07\/Outsource-Accounting-Services-CTA-1024x367.jpg 1024w, https:\/\/www.acobloom.com\/us\/wp-content\/uploads\/2024\/07\/Outsource-Accounting-Services-CTA-300x108.jpg 300w, https:\/\/www.acobloom.com\/us\/wp-content\/uploads\/2024\/07\/Outsource-Accounting-Services-CTA-768x276.jpg 768w, https:\/\/www.acobloom.com\/us\/wp-content\/uploads\/2024\/07\/Outsource-Accounting-Services-CTA-1536x551.jpg 1536w, https:\/\/www.acobloom.com\/us\/wp-content\/uploads\/2024\/07\/Outsource-Accounting-Services-CTA.jpg 1920w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"It_acts_as_a_protective_wall_against_unauthorized_access\"><\/span>It acts as a protective wall against unauthorized access&nbsp;<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Incorporating MFA by integrating another form of authentication to one already existing&nbsp;establishes&nbsp;a major deterrent against intruders breaching security&nbsp;systems,&nbsp;which is&nbsp;similar to&nbsp;how a deadbolt locks out intruders&nbsp;attempting&nbsp;to enter through the knob&#8217;s latch. If an intruder were able to&nbsp;acquire&nbsp;your password via theft or human manipulation (i.e., phishing&nbsp;scams), he\/she would still&nbsp;require&nbsp;your second factor before they&nbsp;would&nbsp;be allowed access. Therefore, MFA limits the possibility of a non-permitted party obtaining sensitive client\/personal information and internally stored data on organizational systems.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"It_protects_EFINs\"><\/span>It protects&nbsp;EFINs&nbsp;<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>The Electronic Filing Identification Number (EFIN) is an essential identifier for&nbsp;<strong>IRS tax preparer security requirements<\/strong>&nbsp;that allows tax returns to be&nbsp;submitted&nbsp;electronically to the&nbsp;<strong>IRS tax&nbsp;preparer&nbsp;security requirements<\/strong>. If the EFIN is compromised, identity thieves can use it to file fraudulent returns in the tax preparer&#8217;s name.&nbsp;Tax professionals can help protect their business and clients from fraud by securing the systems and software in which they use or store their EFINs with multi-factor authentication (MFA) to hinder unauthorized access to this sensitive identifier.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"It_enhances_overall_security_posture_during_tax_preparation%E2%80%AF\"><\/span>It enhances overall security posture&nbsp;during&nbsp;tax preparation\u202f&nbsp;<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>A tax preparation firm can improve its overall security posture by implementing MFA on all entry points (tax software, email provider, and cloud storage services). MFA is one of the most effective and affordable ways to reduce the potential for a data breach. The multifaceted nature of implementing MFA is typically incorporated into a Written Information Security Program (WISP), as mandated by the Federal Trade Commission&#8217;s (FTC) Safeguards Rule. The implementation of MFA reflects a firm&#8217;s commitment to&nbsp;maintaining&nbsp;strong security, thereby enabling the firm to&nbsp;retain&nbsp;client confidence while also fulfilling its obligations under federal law.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"It_mitigates_the_risk_of_stolen_credentials\"><\/span>It mitigates the risk of stolen credentials&nbsp;<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>A password may be considered weak if it is too simple or easy to guess, or&nbsp;if it has&nbsp;already been stolen or hacked by a hacker. As such, the risks associated with using compromised credentials are reduced with the introduction of multi-factor authentication (MFA); once an account password has been stolen, the only way to log into the account is&nbsp;through the use of&nbsp;additional, unrelated means for authentication. Cybercriminals, therefore,&nbsp;cannot successfully log into your account using only your stolen credentials; they will need at least one&nbsp;additional&nbsp;element of verification before they can access the account.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"It_protects_from_specific_cyberattacks\"><\/span>It protects from specific cyberattacks&nbsp;<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>MFA provides added security to help defend users against common cyber threats, such as phishing, social engineering, and similar malicious digital tactics.&nbsp;As an illustration of this point: if a preparer is the target of a phishing attack and&nbsp;is&nbsp;tricked into giving away their password, the attacker, even with the password, won\u2019t be able to access the preparer\u2019s account due to the required secondary factor (e.g., one-time codes generated and sent by text message to the preparer\u2019s phone) needed for login. As a result, phishing attempts will be less successful when&nbsp;MFA&nbsp;is in place.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Conclusion\"><\/span>Conclusion&nbsp;<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Although the&nbsp;<strong>IRS tax preparer security requirements<\/strong>&nbsp;may require supporting Multi-Factor Authentication (MFA) to protect taxpayers\u2019&nbsp;private information, it can provide&nbsp;<strong>IRS tax preparer security requirements<\/strong>&nbsp;and CPA firms&nbsp;with&nbsp;additional&nbsp;benefits beyond those mandated by law. These include improving overall security.&nbsp;Although the actual financial losses associated with data breaches or identity fraud can be substantial, the damage to the reputation of a tax preparer or CPA firm can be even greater. Hefty federal fines resulting from breaches of client data can erode the trust between preparer and client, leading clients to withdraw their business.&nbsp;<\/p>\n\n\n\n<p>On a wider level, the incidence of a security breach can further damage the reputation of&nbsp;the&nbsp;entire firm or&nbsp;individual&nbsp;practitioner, leading to long-lasting negative effects. It is possible for even one incident of a breach of client data to negatively affect the tax preparer\u2019s identity and significantly lower his credibility. For these reasons, tax preparers who&nbsp;maintain&nbsp;strong Multi-Factor Authentication systems will find that they not only protect their client data, but they also build and&nbsp;maintain&nbsp;a reputation for trustworthiness and professional integrity.&nbsp;<\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In June 2023, the IRS made Multi-Factor Authentication (MFA) mandatory for tax preparers due to a significant rise in data threats.&nbsp;As&nbsp;one of the most common targets of data and cybersecurity threats,&nbsp;tax&nbsp;preparers&nbsp;have a duty to enforce Multi-Factor Authentication systems. This is essential to protect their clients&#8217; data, as outlined in Publication 4557.&nbsp;Multi-Factor Authentication is like a [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":6201,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[42],"tags":[294,295,296,105],"class_list":["post-6191","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tax","tag-irs-security-requirements","tag-irs-security-requirements-for-tax-preparers","tag-irs-tax-preparer-security","tag-irs-tax-preparer-security-requirements"],"_links":{"self":[{"href":"https:\/\/www.acobloom.com\/us\/wp-json\/wp\/v2\/posts\/6191","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.acobloom.com\/us\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.acobloom.com\/us\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.acobloom.com\/us\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.acobloom.com\/us\/wp-json\/wp\/v2\/comments?post=6191"}],"version-history":[{"count":8,"href":"https:\/\/www.acobloom.com\/us\/wp-json\/wp\/v2\/posts\/6191\/revisions"}],"predecessor-version":[{"id":6202,"href":"https:\/\/www.acobloom.com\/us\/wp-json\/wp\/v2\/posts\/6191\/revisions\/6202"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.acobloom.com\/us\/wp-json\/wp\/v2\/media\/6201"}],"wp:attachment":[{"href":"https:\/\/www.acobloom.com\/us\/wp-json\/wp\/v2\/media?parent=6191"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.acobloom.com\/us\/wp-json\/wp\/v2\/categories?post=6191"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.acobloom.com\/us\/wp-json\/wp\/v2\/tags?post=6191"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}