mcb39 Posted September 17, 2024 Report Posted September 17, 2024 Yes, I am tired of protecting myself from myself. I am tired of running to get my cellphone because someone is sending me a code to get into a site. I, too, am a sole proprietor with my office in an addition built on to my home. Nobody does or has any reason to go anywhere near my work computer. My husband, who is the only other human living in this house, doesn't even know or want to know how to turn it on. There are two other computers in the original part of the office on which we do data entry, bookkeeping, look things up, etc. My office door to the outside has a double lock and a deadbolt. My filing cabinet has a lock. My main desk has a lock. My computer has a password; my cellphone has a password. My safe has a key. We even shut the watermain off when we leave for the weekend. How safe is safe?? Oh, my outside dropbox also is under lock and key. 3 1 Quote
Lee B Posted September 17, 2024 Report Posted September 17, 2024 Well the FTC and the IRS apparently think that we aren't intelligent enough to do these things. 1 1 Quote
Medlin Software, Dennis Posted September 17, 2024 Report Posted September 17, 2024 Even with the FTC requirement, one can still self-manage. MFA is not required, there are other options. But, when the data is not in your direct control (online), things like MFA become reasonable if the software creating said data does not "do" something else, such as self-managed encryption. The other issues. Computers and software are now appliances. They are expected to do all for you with a button push. Learning how to use computers and software is not something people expect to have to do. Thus, a huge part of programming is preventing human actions from causing issues - rather than the user having any responsibility. So a company which stores your data online is not going to want to let you self-manage since they will not want to deal with customers who have forgotten their security code, login, etc. This is where MFA makes it easier for the vendor (with only a tiny fraction of security) since all you need is access to a device or email account (which even a new scammer can get/spoof easier than the public believes). Then, we deal with those we elect who want to "do" something to prove their worth, such as the myriads of local "protection" laws, which do not even make sense (such as requiring data to be kept in the control of the owner, within the local jurisdiction, so no online storage/backup is practical). Here is another wasteful aspect of MFA. I am using a very popular process to share access with a trusted person, to manage our company web site. It has an MFA aspect, which is a mobile app, and I can see the mobile app creates a MFA code even when not asked for. Not sure if it is constant, or only when I open the new password app on my phone, but maybe once every month I need the MFA code, but it generates and times out what appears to be constantly. How secure it that? How wasteful in resources? One may also want to look at the laws for access. IIRC, face lock does not require a warrant, but a pin type code needs to be compelled by warrant. I use both, but my ultimate protection is a boot/IOS code, which is complicated, cannot be brute forced, and no known (to me) hacks when coupled with BootLocker. MFA has and continues to be less worthy. 1 Quote
Randall Posted September 18, 2024 Report Posted September 18, 2024 I'm going to check into some of the things Medlin has posted. There has to be a way to satisfy the regs without doing the absurd. 2 Quote
Lee B Posted September 18, 2024 Report Posted September 18, 2024 Unfortunately our tax software is going to make choices for us. 2 1 Quote
jklcpa Posted September 18, 2024 Report Posted September 18, 2024 3 hours ago, Lee B said: Unfortunately our tax software is going to make choices for us. Exactly! 2 Quote
Medlin Software, Dennis Posted September 18, 2024 Report Posted September 18, 2024 Unless we change our legal system, it is what it has to be. Defending against even the most frivolous of suit can put a business out of business (with no risk to the plaintiff other than expenses, especially if they find contingency representation, since there is zero penalty for losing). Much worse are those who use "review" sites to try to intimidate or to use as a protection racket. I get nastygrams almost daily from those complaining saying they expect me to keep them from harming themselves (in some manner, such as sending their data online for safety without consent, hacking into their computer to keep them from doing something or fixing what they did, etc.). Maybe the worst is from those who pay the license, then expect me to handhold them through every payroll, teaching them payroll processing along the way. Such is life, being reachable to consumers I suppose, but said life has to be worth living, so one must do what can be done to insulate. 2 Quote
mcb39 Posted September 19, 2024 Report Posted September 19, 2024 10 hours ago, Lee B said: Unfortunately our tax software is going to make choices for us. They have already told us so. Quote
Tracy Lee Posted November 13, 2024 Report Posted November 13, 2024 I have a laptop that I take home with me each night from my office. I am the only one that works on this laptop. I have all my protection, including encryption. My laptop requires my fingerprint or PIN or password. I always use my fingerprint. My understanding is that under this new law I won't be able to use my fingerprint; a password will be required then I will get a text message to accept in order to get into my computer. Has anyone found a way to get this authentication and still be able to use their finger print? Is there anyone who has decided not to do this because they already have great protection (like I do)? I totally protest this! Quote
b#tax Posted December 12, 2024 Report Posted December 12, 2024 Interesting article on MFA or 2FA....again a reminder that a holistic approach is needed. I just wish the rules passed down would recognize this. https://www.darkreading.com/cyberattacks-data-breaches/researchers-crack-microsoft-azure-mfa-hour 1 Quote
Lee B Posted December 12, 2024 Report Posted December 12, 2024 On 11/12/2024 at 4:11 PM, Tracy Lee said: I have a laptop that I take home with me each night from my office. I am the only one that works on this laptop. I have all my protection, including encryption. My laptop requires my fingerprint or PIN or password. I always use my fingerprint. My understanding is that under this new law I won't be able to use my fingerprint; a password will be required then I will get a text message to accept in order to get into my computer. Has anyone found a way to get this authentication and still be able to use their finger print? Is there anyone who has decided not to do this because they already have great protection (like I do)? I totally protest this! Using your fingerprint or facial recognition meets the requirements, but your tax software gets to choose which method they want to use. 1 Quote
JohnH Posted December 13, 2024 Report Posted December 13, 2024 Following up on the matter of choosing an authenticator. I was on the verge of paying for an authenticator when I ran across a comment about Google offering a free one -(by Lee or Judy, can't recall which). I think something was also mentioned about Google tracking our activity, but I don't see that as a problem since they already track much (or most) of what I do online anyhow. Maybe I'm being naieve. My question is, what benefit might there be in using an authenticator that charges a fee? Quote
Lion EA Posted December 13, 2024 Report Posted December 13, 2024 I searched on "CCH + authenticator" and found Home > Knowledge Base > Article > Article Number: 000280864 https://support.cch.com/oss/ml/kb/solution/Multi-Factor-Authenticators-for-Customers "Multi-Factor Authenticators for Customers Objectives Any Time-based One-Time Password -capable validator will work with Multi-Factor Authentication (MFA) and your Wolters Kluwer application. The list below is collected from popular, secure Wolters Kluwer and third-party authenticators to help you in selecting the one best suited for your needs. Environment All Wolters Kluwer Applications Windows OS iOS or Android Details [Then a nice table that I don't seem to be able to copy with 11 different authenticators, links to get them, and which work with Mobile, Windows, &/or Browser.] The list of authentication providers has been tested by Wolters Kluwer and have been determined to be compatible with our systems. However, please be advised, Wolters Kluwer does not endorse or recommend any individual provider, and each firm/user is advised to conduct their own due diligence to select a provider that is appropriate for their business needs." 1 Quote
jklcpa Posted December 13, 2024 Report Posted December 13, 2024 2 hours ago, JohnH said: Following up on the matter of choosing an authenticator. My question is, what benefit might there be in using an authenticator that charges a fee? The free ones will generate the codes and meet the needs of logging into the tax software. The paid apps may offer more advanced features like secure backup, syncing multiple devices, password management & integration, etc. 1 Quote
Lion EA Posted December 14, 2024 Report Posted December 14, 2024 The 2 out of 11 that note "(paid subscription may be required)" talk about advanced features, such as automatically entering the authentication code, keeping devices up-to-date, etc. Read about all the authenticators that WK says have been tested with their software to see if you need or want the advanced features. 1 2 Quote
G2R Posted December 17, 2024 Report Posted December 17, 2024 I'm late to the party, am I reading all these comments that there is no way to circumvent this authenticator thing? My 80 year old dad does not have a cell phone. Does that mean he won't be able to access his own ATX program? This is crazy! Quote
Medlin Software, Dennis Posted December 17, 2024 Report Posted December 17, 2024 1 minute ago, G2R said: I'm late to the party, am I reading all these comments that there is no way to circumvent this authenticator thing? My 80 year old dad does not have a cell phone. Does that mean he won't be able to access his own ATX program? This is crazy! If the software vendor elects to force something (such as use of a cell phone for their security purposes), then the software vendor is sating, yes, you must have a cell phone. If this is an issue, contact the software vendor directly. As I have likely spouted several times, using SMS or authenticator apps for MFA/security compliance is not required by the FTC, they allow several compliance options. But the FTC rules to not mean SMS for MFA is bad (there are better means) or authenticator apps are bad, or that it is unreasonable for software designed for tax pros comes with requirements such as being able to use SMS or authenticator apps for MFA. I actually answer similar messages routinely, similar to "I am too old to X", and I have to be sincere and honest when I say if they feel this way, maybe it is time to have someone else do what they are doing. We all have to face this. I have the experience and skills to do many things I elect not to do to keep SWMBO happy, to increase the odds I keep getting older, etc. Although, if our granddaughter elects to be a racer, I will likely strap up at least one more time to be on track with her, to help her learn (and honestly, I miss it too). Quote
Abby Normal Posted December 17, 2024 Report Posted December 17, 2024 23 minutes ago, G2R said: I'm late to the party, am I reading all these comments that there is no way to circumvent this authenticator thing? My 80 year old dad does not have a cell phone. Does that mean he won't be able to access his own ATX program? This is crazy! There are desktop authenticators or he could an old cellphone that someone has lying around. 1 Quote
TAXMAN Posted December 17, 2024 Report Posted December 17, 2024 I want to go back to what g2r said. I am a one person operation and I have the old flip phone that does not have app possibilities. How can I get MFA to work with an email address? ATX program is what I use. Quote
jklcpa Posted December 17, 2024 Report Posted December 17, 2024 37 minutes ago, Abby Normal said: There are desktop authenticators or he could an old cellphone that someone has lying around. 30 minutes ago, TAXMAN said: I want to go back to what g2r said. I am a one person operation and I have the old flip phone that does not have app possibilities. How can I get MFA to work with an email address? ATX program is what I use. There are authenticators that will send 2FA via text or phone call, and Google's authenticator has an extension that works in Chrome, but those would be for accessing web-based internet site, or sites that don't need to scan a QR box for setup. Using a web-based extension within a browser or desktop version, how would it be possible to scan the QR box from the ATX program's screen to receive the initial setup/pairing code without having some sort of mobile device. The mobile device must have QR scanning capability and the ability to download and install the authenticator. @G2R and @TAXMAN A tablet would also work, and it would need to be modern enough to download the app and have QR scanning capability. Quote
Abby Normal Posted December 17, 2024 Report Posted December 17, 2024 1 hour ago, jklcpa said: how would it be possible to scan the QR box from the ATX program The one I saw had the ability to upload a screen grab of the QR code. Quote
Slippery Pencil Posted December 19, 2024 Report Posted December 19, 2024 https://support.cch.com/oss/ml/kb/solution/Multi-Factor-Authenticators-for-Customers lists four authenticators with a windows app and two with a browser link. I've downloaded two of the windows apps and haven't figured out how to use them 2 Quote
mcb39 Posted December 19, 2024 Report Posted December 19, 2024 The first one I downloaded was Google. It worked, so I didn't try anything else. If it's good enough for Judy, it's good enough for me. We were even able to set up access to my computer by my assistant in the event of illness or absence. Always remember that the device is tied to the computer. She has a different access code for her computer. This is all laid out step by step in prior posts. Good Luck. I know how frazzled I was until I figured it out. Quote
G2R Posted December 23, 2024 Report Posted December 23, 2024 I reached out to ATX. The guy said 95% of his calls since October were complaints about this. Nothing they can do at this point unless rules change. He did advise of a browser based authenticator if cell phone wasn't an option. I tried it and it worked so it'll be a bit easier to explain to my low-tech/no-tech dad. I downloaded the Authenticator.cc browser extension in Chrome. Hope this helps. 4 Quote
Medlin Software, Dennis Posted December 23, 2024 Report Posted December 23, 2024 The vendor made a compliance decision, and customers are stuck with it. There were other options (as I keep saying), arguably more secure, but maybe more annoying for some (depends on the person). 1 Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.