Saturday February 16, 2019
IRS Urges Strong Passwords
Some financial, tax, government and other accounts also offer "two-factor" authentication. With two-factor authentication, you log on to the account, then a verification code is texted to your mobile phone (it is usually valid for a short period of time). You must then enter that code in order to access your account.
In IR-2018-151, the Service published guidelines for creating strong passwords. These strong password guidelines are helpful for both tax professionals and consumers.
There are nine IRS recommended methods for creating and tracking strong passwords.
- Minimum Length Passwords should be at least eight characters. Passwords with ten to fourteen characters are even more secure.
- Characters Use a combination of at least one uppercase letter, one number and lowercase letters in your passwords. For greater security, include symbols such as !, @ or #.
- Not Personal Avoid using your name, street, city, pet's name or other personal information in your password.
- Change Defaults Many devices, such as your home internet modem, are set up with "password" as the default password. You should change "password" to a new 8-14 character and number password. There are multiple email hacking cases with users who had "password" as their password. This was poor judgment.
- Reusing Passwords Do not use the same password for multiple accounts. Each account should have a unique password.
- Email Address Username If permitted, use a unique username rather than an email address. If this is not permitted, you may reduce risk by not using your primary email address. You can create another email address through one of many complimentary email services.
- Secure Storage If you keep a written or electronic list of passwords, store the printed list or a thumb drive with the electronic file in a safe, locked cabinet or other secure location.
- Disclosure Do not share your passwords with anyone. Do share the access method to your passwords with your electronic executor and authorize him or her to access your accounts. As is the case with all executors, you should be careful in selecting a trustworthy person as your electronic executor.
- Password Manager There are several companies that provide password manager programs with 256-bit encryption. If you use this method, set up a strong password for the account and share it with your electronic executor.