As the holiday season fades and tax season begins in earnest, the Internal Revenue Service's inspector general is urging the IRS to improve its processes for authenticating access to tax accounts.
There have been enough breaches of data in the public and private sectors to raise concerns that identity thieves can get data detailed enough to circumvent most authentication processes. "As such, it is critical that the methods the IRS uses to authenticate individuals' identities provide a high level of confidence that tax information and services are provided only to individuals who are eligible to receive them," reads the report from the Treasury Inspector General for Tax Administration.
Indeed, there are weaknesses in the IRS's processes, TIGTA found, specifically:
- There is no service-wide approach to managing authentication, and;
- Authentiication methods currently in use provide only single-factor authentication, while the federal government’s own information security standards require multi-factor authentication for high-risk applications.
According to the report, which was completed in November and released to the public in late December, the IRS has agreed to implement all of the office's recommendations.
