Change to EFTPS login using ID.me

[JohnH]

Apparently I missed the memo.
I began to log in to EFTPS today and was required to log into ID.me before gaining access to EFTPS.  Turns out they implemented this change yesterday (Oct 19). Was this info widely announced and I just didn’t notice it?  

[Lee B]

I last logged in on October 11th as usual with no notice of any upcoming changes?

"Notice to Website users:

What is happening?
Fiscal Service is requiring Multifactor Authentication (MFA) for system access. The new authentication process supports Executive Order 14028, requiring all federal agency applications to implement MFA. This will provide an additional layer of security, protecting against unauthorized access threats. EFTPS is partnering with third-party credential service providers Login.gov and ID.me for MFA services.

When is it happening?
Secure sign-in via Login.gov or ID.me will be required on October 19, 2023.

How do I register?
Upon logging in to this site, you will be prompted to register and/or authenticate with either Login.gov or ID.me, prior to the normal process of inputting your EIN or SSN, PIN, and password.

Where can I go for help?
For assistance with Login.gov please call the Login.gov help desk at (844) 875-6446.
For assistance with ID.me visit help.ID.me.

Please note: Your tax payment is due regardless of this Web site's availability. You can always make a tax payment by calling our voice response system at 1.800.555.3453. Follow the prompts to make your payment."

 

[jklcpa]

I was on around the 3rd or 4th of this month and didn't see any notice either.

[JohnH]

Guess how many of your clients are going to be calling you next week (semi-weekly depositors) or the 14th of next month (monthly depositors), in a panic because they suddenly can't pay their Federal Tax Deposits. 

 

[Lee B]

22 minutes ago, JohnH said:

Guess how many of your clients are going to be calling you next week (semi-weekly depositors) or the 14th of next month (monthly depositors), in a panic because they suddenly can't pay their Federal Tax Deposits. 

 

Fortunately, I don't have any weekly or biweekly payroll clients, so I won't get any calls until next month when I return from vacation.

[JohnH]

1 minute ago, cbslee said:

Fortunately, I don't have any weekly or biweekly payroll clients, so I won't get any calls until next month when I return from vacation.

You're lucky.  For some people the phones may be lighting up unless the clients use a payroll service. PEO, or our good friend Dennis.

[Lee B]

As far as I can tell, this announcement first showed up on October 18th on the EFTPS Home Page.

I subscribe to the IRS Payroll News and there has been no mention of this change.

This is a perfect example of how not to implement a change!

[Lion EA]

An email I received Monday 16 October:

Dear Partners,

Just in case you missed the notice on the EFTPS website when logging into EFTPS, as of October 19, 2023 multifactor authentication will be required to log into EFTPS. See the notice from the EFTPS homepage below.

Notice to EFTPS Website users:

What is happening?
Fiscal Service is requiring Multifactor Authentication (MFA) for system access. The new authentication process supports Executive Order 14028, requiring all federal agency applications to implement MFA. This will provide an additional layer of security, protecting against unauthorized access threats. EFTPS is partnering with third-party credential service providers Login.gov and ID.me for MFA services.

When is it happening?
Secure sign-in via Login.gov or ID.me will be required on October 19, 2023.

How do I register?
Upon logging in to this site, you will be prompted to register and/or authenticate with either Login.gov or ID.me, prior to the normal process of inputting your EIN or SSN, PIN, and password.

Where can I go for help?
For assistance with Login.gov please call the Login.gov help desk at (844) 875-6446.
For assistance with ID.me visit help.ID.me.

Attached are instructions to the two ways taxpayers can validate their identities using ID.me. Please feel free to distribute this information to your membership.

Sincerely,

Joseph McCarthy CPA

IRS Senior Stakeholder Liaison

[BulldogTom]

Judy is going to delete this, but I can't help myself.....

So you don't need anything to prove who you are to vote, but you need to authenticate with ID.me to pay your taxes?  Doesn't requiring people to prove who they are before they exercise their right to pay taxes somehow make the taxpayers disenfranchised?

How screwed up is this?

Tom
Longview, TX

[Catherine]

I was on EFTPS last week and there was no notice whatsoever. 

What a pack of eejits, to implement this with no warning at all. Frankly, the whole ID dot me thing is, to my mind, less secure than the previous system. Yeah, they send you a code. So what? If bad guys have access to my computer, they probably have my phone, too. Plus, who on earth uses subterfuge to log in to PAY tax? 

We can comfort ourselves that if they had a brain, and a clue, they'd be far more dangerous than they already are. 

[jklcpa]

I won't delete Tom's post, but for those of you mentioning security for paying taxes, this isn't that.

This is to more secure our financial information that is stored there including banking information, SSNs, EINs, and payment history. Thieves could used all of that in a variety of ways.

[JohnH]

I'm definitely on board with the idea that this was poorly implemented.  

So on the implementation side, is there any reason to favor one method of MFA over the other?  I used ID.me because I was already set up with them.  I have never used Login.gov as far as I know.  I'm just trying to decide which to recommend if a client asks. 

[JimTaxes]

id.me seems to be much more common and i read that login.gov is not as secure as id.me. 

[Lee B]

I will first try to use Login.gov:

"When you’re ready to create your secure Login.gov account, you’ll need to provide a few pieces of information:

1. Email address

We recommend a personal email address that you’ll always be able to access rather than a work email address.

If you already have an account with Login.gov with that email address, we’ll send you an email to let you know how you can reset your password and access the account.

2. Secure password

Passwords must be at least 12 characters and should not include commonly used words or phrases.

Depending on the security needs of the agency, you may need to prove your identity using a social security number, address, and/or U.S. based state-issued identification

3. One or more authentication methods such as:

More secure

Face or touch unlock

Security key

Authentication application

Federal government employee or military identification (PIV/CAC)

Less secure

Text/voice message

Backup codes"

[JohnH]

I decided to compare the two, but as it turns out I already had a Login.gov account which I had forgotten about. (Probably used it a long time ago to correspond with the Veterans Administration)  So I was not able to get the experience of setting up a Login.gov account to find out how it works compared to the ID.me process.  But the experience is about the same with respect to signing in to EFTPS once one has either credential.  One article I read stated that ID.me is a bit easier to set up, but it requires facial recognition, whereas Login.gov does not.  However, the article went on to say this makes the Login.gov process a bit more tedious.

Judy makes a very good case for adding this level of security - things which I had not really thought about.  I'm coming around to the concept; just would have liked a little more lead time or provided some sort of phase-in. 

[NECPA in NEBRASKA]

I hope that I can still pay the taxes for a not for profit where I am a member with my own ID. They won't have payroll until next summer again, so I guess I will find out then.

[JohnH]

The existing login information for EFTPS still works as usual.  The only difference is that you can't get access to EFTPS login until you identify yourself with ID.me or Login.gov.  They just want to know who is logging into EFTPS before granting you access.  As long as you have ID.me or Login.gov, you're fine.  If you don't have one of those, then you'll need to sign up for one or the other of them before you try to access EFTPS at any time in the future.  

[NECPA in NEBRASKA]

39 minutes ago, JohnH said:

The existing login information for EFTPS still works as usual.  The only difference is that you can't get access to EFTPS login until you identify yourself with ID.me or Login.gov.  They just want to know who is logging into EFTPS before granting you access.  As long as you have ID.me or Login.gov, you're fine.  If you don't have one of those, then you'll need to sign up for one or the other of them before you try to access EFTPS at any time in the future.  

I just got my PIN and used it to see all of my POA's. It was great to be able to pull them up and withdraw from some of them.

 

[Terry D EA]

I'm coming in on the tail end of this. I logged into EFPTS during the first week of October and had no issues, notices, memos or email. Already setup with ID.me as well. Yes, it seems to be an inconvenience but to further protect the information that is already there is a welcomed idea. I think we all should have been better informed.

[Gail in Virginia]

I had not set up either until I saw this thread today. I set up under login.gov in less than 5 minutes.  As long as I don't forget yet another password I should be fine.  

[BulldogTom]

2 minutes ago, Gail in Virginia said:

I had not set up either until I saw this thread today. I set up under login.gov in less than 5 minutes.  As long as I don't forget yet another password I should be fine.  

What do they ask you for to set up the Account at Login.gov?

Tom
Longview, TX

[Lee B]

On 10/21/2023 at 6:21 AM, Lee B said:

 

"When you’re ready to create your secure Login.gov account, you’ll need to provide a few pieces of information:

1. Email address

We recommend a personal email address that you’ll always be able to access rather than a work email address.

If you already have an account with Login.gov with that email address, we’ll send you an email to let you know how you can reset your password and access the account.

2. Secure password

Passwords must be at least 12 characters and should not include commonly used words or phrases.

Depending on the security needs of the agency, you may need to prove your identity using a social security number, address, and/or U.S. based state-issued identification

3. One or more authentication methods such as:

More secure

Face or touch unlock

Security key

Authentication application

Federal government employee or military identification (PIV/CAC)

Less secure

Text/voice message

Backup codes"

 

[schirallicpa]

Glad I opened this thread - had totally forgetten about doing my payroll reports.......

[Bart]

We have 60 payroll clients.  How are going to comply with this change?

[Lee B]

5 minutes ago, Bart said:

We have 60 payroll clients.  How are going to comply with this change?

I am wondering the same thing. I guess I won't find out until I return from vacation the beginning of November

I still do live payroll processing but since I am semi retired I have less than 10 .