Leaderboard

McDonald's recently announced that they were scrapping their test of using AI to take orders. Although they did not give a reason, insiders say the system was getting orders wrong. If AI can't handle my order for a Happy Meal, how will work with much more technical issues?

Ah, they will "improve the user experience," possibly to non-functionality.

Both my Google authenticator and my Microsoft authenticator provide 6 digit codes. I hope they provide desktop versions of these because it's convenient to copy and paste the code on the phone. Might not be deemed secure enough to have on desktop, though.

Did the IRS provide any statistics on the number of breaches that occurred in the past that caused concern and made them implement this requirement? While there is something to be said for being proactive, requiring MFA seems excessive if you already have security parameters in place.

The safest computer level protection is a bios/boot password. That process stops brute force because of limiting attempts before a waiting period. Coupled with bit locker and hibernate instead of sleep, you have the best practical protection available. Phone as second method is silly as it is still easy to spoof or steal phone accounts. Protect the device and the second factor is moot (use the least obtrusive).

An authenticator is an APP on your phone and you either go to it, look at the 4 digit code and then enter it (basically the same as a text) or the app pops up on your phone asking you to verify it's you trying to log into the software. With that you just hit "yes".

It is an issue at our home because of special desires, and because SWMBO was a M manager for 5 years in our youth. It is only an issue when most/all items are pre wrapped, and they have to make an entirely special item within the time allowed. That is why IN/Out does well, and Wendy's is usually correct, and the item I like at M is usually correct (not prewrapped ever).

In a kitchen, especially when they're busy, there's nothing harder to get right than a special order. It disrupts your training and/or slows you down. Robots would be better at it.

In our life, FF orders are about 15% wrong. Does not matter if in person, speaker, or app. The one exception is In/Out as they have well known "names" for their off menu / custom orders. Frustrating, that even with an app, where the custom items are selected within the app, those who read the screen/ticket cannot get the order right every time.

To clarify this is the IRS implementation of the FTC's Safeguards Rule.

Copied from IRS News Release 2024 - 32: "The Federal Trade Commission’s safeguards rule now mandates that all tax professionals use multi-factor authentication, or MFA, to secure sensitive client data."

The Microsoft webcast that I watched said that basic 2FA with either PINs texted to your phone or emailed to you are 99 + % effective. According to the webcast most hackers aren't that sophisticated and that the sophisticated hackers aren't going to spend their time on a single account.

Drake's program uses only authenticators. It doesn't email any codes, if that is what you were thinking. Here's the complete setup: https://drakesoftware.com/Site/Browse/15895/Drake-Tax-MultiFactor-Authentication-Drake18-and-Future

ohhh, I didn't know they allowed an authenticator. Thanks.

Drake has had this for years. You just need to turn it on in the settings and set up the app with Drake through your phone.

The authenticator I use provides a 6 digit code to your mileage must vary.

I have read that with some programs if your cell phone is synced then as long your cell phone is on and nearby then you are allowed to log in.

I hear you! I HATE having to have my phone at my fingertips all the time. I try to remember that I'm adding steps. Yes, my authenticator is a phone app but I don't have to use it often so am prepared to have the phone available. My choice was to use my fingerprint which is how I protect my phone. It can get annoying but I now automatically pick it up with my left hand and my fingertip goes right to the spot. I still have a landline for my business and will keep it until I retire. I leave my cell on vibrate and the sound off about 90% of the time. It annoys some folks trying to reach me because they have to leave a message. And I don't answer unidentified calls on either phone. Since I don't have every contact ever in my cell, lots of calls are unidentified and not all callers leave a message. Also my cell isolates identified spam calls very effectively.

My phone is usually in my purse in the bedroom. It's time consuming to retrieve it and fire it up when my software asks me to type in a code they sent to my cell. What is an authenticator? Is it an app for my phone? I guess I'll have to glue my phone to my hip.

Yes you can have multiple programs / websites that use the same authenticator. I have 2 of them that use Okta. I'll ask my wife about replacing the phone, she just bought a new one and had to work through all that. She's literally taking a work test at the moment and would reach through the phone and choke me if I called.

I also have an authenticator on my phone which I was required by the bank to have for my position as church treasurer. I turns out that OH|ID was added to the list. I don't recall that it was an option to select when I set that up (I tend to forget too much these days) so it must be possible to keep adding those that offer or require this. Yes? I, too, wonder about losing or even changing my phone. It's a Pixel 4a so kind of old but I love the smaller size. There are very few available now that I can comfortably hold in my hand but I know I need a newer phone soon!

Using an authenticator is so simple - hope Drake implements that as an option. I've got 3 on my phone and they all work perfectly and easily. I do always wonder what happens if I lose my phone.

I, too, used to password protect pdf copies of returns before using Verifyle. Now Verifyle requires the client to access with email and password but has 2fa as an option which I will look into soon. Sigh....

I was just now reading about this through Tax Talk News and am scratching my head on how to manage. So as a sole practitioner I have to use 2FA to access a pdf file on my computer? I have to text to myself or call myself or email myself every time I want to look at a client file? My computer is password protected as is the ATX software but I don't have each client pw protected as I am the only user. If so, how do I confirm to myself that I am me, the authorized user? I realize that I will have to do something more now with Verifyle but my clients are not going to like it. At least I know it is an option so will have to read up on how to implement for myself and for each client. Retirement is REALLY looking better all the time! I'm getting too tired of soooo many hoops....

Greeeaat. I'm sure ATX will implement this flawlessly. I sure hope I can use an authenticator on my phone and not rely on getting a text from ATX.

Elrod's link in the original post does go directly to IRS' IR 2024-201, and for those that don't like links or won't search for yourselves, here is the text:

The requirement for MFA means people will turn back to sending us sensitive documents by plaintext, readable in transit, email. Or text messages. I'll be retiring faster.