MFA for Tax Professionals
Multi-factor authentication is required by the IRS and is your strongest defense against account takeover. Here is how to implement it everywhere.
What Two-Factor Authentication for Tax Professionals Covers
IRS e-Services MFA
Set up multi-factor authentication on your IRS e-Services account and Secure Access.
Tax Software MFA
Enable MFA on all tax preparation software — Drake, Lacerte, ProSeries, UltraTax, and more.
Cloud Account MFA
Secure Office 365, Google Workspace, and cloud storage with authenticator apps.
Phishing-Resistant MFA
Use hardware keys or authenticator apps instead of SMS for maximum security.
Staff MFA Enforcement
Require MFA for all employees and set up recovery procedures for lost devices.
MFA Policy Template
Document your MFA requirements as part of your WISP compliance.
How to Get Started
Inventory All Accounts
List every system that accesses taxpayer data — IRS, tax software, email, cloud storage.
Enable MFA Everywhere
Turn on MFA using authenticator apps (not SMS) for all accounts on your list.
Train Your Team
Show staff how to use authenticator apps and handle MFA setup on their devices.
Document in WISP
Add your MFA policies to your Written Information Security Plan for compliance.
MFA Is Required — Are You Compliant?
Our WISP template includes MFA policy sections that satisfy IRS requirements.
Frequently Asked Questions
Yes. IRS Publication 4557 specifically requires multi-factor authentication for accessing any system that stores, processes, or transmits taxpayer data.
SMS MFA is better than no MFA, but it can be bypassed through SIM swapping attacks. The IRS and security experts recommend authenticator apps (Google Authenticator, Microsoft Authenticator) or hardware security keys.
Have a documented recovery procedure: backup codes stored securely, a designated administrator who can reset MFA, and a verification process to confirm the employee's identity before resetting.
All major tax preparation platforms now support MFA, including Drake, Lacerte, ProSeries, UltraTax CS, TaxAct Professional, and TaxSlayer Pro. Check your software settings or contact support to enable it.
