Make a Referral
Refer a company to BenefitMall
Press & Media Center
Get all the facts and information you need
Video Library
Watch our latest videos and demos on our new video library
Meter at 0000

Security Summit Highlights New Password Guidance

The IRS and its Security Summit partners have new guidance for anyone who has access to identifying information of employees and clients.

Identity theft continues to be a major threat, which is why you should consider new, stronger standards to protect their online account passwords. Savvy cybercriminals are constantly finding ways to access sensitive tax and financial data. 

The Security Summit partners, including the IRS, state tax agencies and the tax community, held National Tax Security Awareness week earlier this month and one of the major topics was the most basic of online security – the password. 

“The IRS and the Security Summit partners have strengthened our systems to help protect against tax-related identity theft,” said IRS Commissioner Chuck Rettig. “To make these defenses even stronger, we need taxpayers and tax professionals to take common sense steps to protect their data and make it harder for identity thieves. By using better passwords, people can help themselves and the tax community against identity theft.”

What makes a strong password?

There’s some new thinking on this topic, according to the IRS. The latest guidance suggests “using a passphrase such as a favorite line from a movie or a series of associated words rather than using a password. The idea is to create a passphrase that can be remembered easily and protect the account. This means passwords like – “uE*s3P%8V)” – are out. Longer, personal phrases people can remember – for example, SunWalkRainDrive – are now preferred.”

The IRS, like all federal agencies, follows the cybersecurity framework set by the National Institute of Standards and Technology (NIST). NIST suggests you use a three-step approach to building a better password: 

• Leverage your powers of association. Identify associated items that have meaning to you.
• Make the associations unique to you. Passphrases should be words that can go together in your head, but no one else would ever suspect. Good example: Items in your living room such as BlueCouchFlowerBamboo. Bad example: names of your children.
• Create a passphrase that you can picture in your mind, such as the items in your living room. The idea is to create a phrase that’s easy for you to remember but hard for a criminal to guess. 

Additional Tips

Besides creating new, strong passwords, the Security Summit offers some additional steps you can take to protect your client’s data:

• Use a different password or passphrase for each account.
• Use a password manager if necessary for multiple accounts.
• Use multi-factor authentication whenever possible. 
• Change all factory-set passwords for wireless devices such as printers and routers. 

• “Taxes. Security. Together.” awareness campaign 
• IRS Publication 4524, Security Awareness for Taxpayers
Protect Your Clients; Protect Yourself campaign for tax preparers and other professionals
Tax Security 101 series


Add your comment




Subscribe Me

Enter your email address:

Delivered by FeedBurner


First Name
Last Name
Phone #
Zip Code
# of Employees