Jump to content
ATX Community

Drake and their WISP

Corduroy Frog

By Corduroy Frog
in General Chat

 Share

Recommended Posts

Corduroy Frog

Corduroy Frog

Posted
Posted

And no, I didn't mean to say "WASP"...

But all of you know what I'm talking about anyway.  The increasing talents of the identity theft pirates mean that we must jump through more hoops every year to protect ourselves (and clients) from identity theft.  This year we were supposed to have a "WiSP" Written Information Security Plan.  I drafted a WISP from my seminar materials.

I counted on Drake to provide the machinery necessary to bring about my WISP.  When I contacted them, they showed me one of those weird rectangles with all those tiny dots.  My daughter calls it a "QR" or something like that.

I objected to Drake, as I don't want to deal with something that I don't what is doing, and apparently this thing is supposed to suck personal data from my cell phone, which has absolutely no tax information stored in it anywhere.  I asked Drake for an alternate method and they said absolutely not.

And of course, they are billing for renewal with an 8% increase.  And no effective response for my WISP.  I feel out of touch with this whole scenario, and I'm sure there are those among you who will chime in and agree.

Why can't we concentrate on becoming better tax preparers and not have to become I.T. people?  For what it's worth, I also subscribe to the Elon Musk belief that we are in danger of A.I. running our entire economy and taking personal decisions from us.

This post may invoke all manner of comments.  I didn't engineer it that way, at least not on purpose.

  • Like 3
Catherine

Catherine

Posted
Posted

While I use Drake (and have a WISP), I don't have anything set up that requires a QR code.  I don't even recall seeing or hearing anything about such a thing on Drake. Maybe I've just had my head in the sand...

  • Like 3
mcb39

mcb39

Posted
Posted

I wrote my own WISP; printed it and sealed it in plastic.  If it's not good enough for them, so be it.  I can step aside any time they want me to.  And, of course, there is that unforgiving increase in the price of the program. ATX, as well and an email every other day reminding me that I should renew before the end of May.  I have not even decided yet what I am going to do about next year.  Pretty soon the phone calls will start.🥺

  • Like 6
jklcpa

jklcpa

Posted
Posted
45 minutes ago, Catherine said:

While I use Drake (and have a WISP), I don't have anything set up that requires a QR code.  I don't even recall seeing or hearing anything about such a thing on Drake. Maybe I've just had my head in the sand...

Best I can figure, he may be referring to the one-time setup of the MFA. 

  • Like 3
  • Confused 1
BulldogTom

BulldogTom

Posted
Posted
1 hour ago, mcb39 said:

I wrote my own WISP; printed it...  If it's not good enough for them, so be it.  

I made my own as well.  Took it from the IRS prototype, changed it to meet my needs, and then made my employee/spouse read and sign it.   Scanned copy in the folder somewhere - Where did I put that?   Oh well, like all the 8879s that I sign that the IRS has never asked to see, I am sure I could do a search of my documents and find it if I need to.

Tom
Longview, TX

  • Like 5
  • Haha 1
JohnH

JohnH

Posted
Posted

Drake does display a QR code as a part of the proceess to set up MFA.  At first I resisted it, but eventually decided to set up MFA after reading about it on this forum.  Now it’s a really seamless process that I’ve become comfortable with and I feel as though I’m protecting my client data with another level of security. 

  • Like 2
Randall

Randall

Posted
Posted
14 hours ago, BulldogTom said:

I made my own as well.  Took it from the IRS prototype, changed it to meet my needs, and then made my employee/spouse read and sign it.   Scanned copy in the folder somewhere - Where did I put that?   Oh well, like all the 8879s that I sign that the IRS has never asked to see, I am sure I could do a search of my documents and find it if I need to.

Tom
Longview, TX

I'm with you two.  I just copied a doc I had showing the points needed.  I made a few notes, wrote my name on top and put NA in a few places.  That was my WISP.  Like mcb39 said, if it's not good enough for them, so be it.  Hey, it's a WISP.

  • Like 8
JohnH

JohnH

Posted
Posted

I developed my WISP by asking GROK to produce one.  It was excellent.

I did the same as others have  - edited in my specific info, tweaked a couple of items, printed it out, and filed it away. 

  • Like 3
Corduroy Frog

Corduroy Frog

Posted
  • Author
Posted

Judy is right - because I talked to Drake again today.  If that QR code is supposed to take you to a website, why can't Drake simply supply a link to that website?  I don't have any information on my cellphone that pertains to taxes, nor do I want any.

I'm assuming an MFA - results in sending a six-digit code before electronic filing can be completed.  Hence, another level of security.

Those weird QR thingees are everywhere - growing like a fungus.

For what it's worth - Drake and I are still at an impasse. 

 

  • Like 1
Lion EA

Lion EA

Posted
Posted

The QR Code doesn't take you to a website. It pairs your cell with your software's MFA for one, and only one, purpose. A 6-digit number on my cell changes every 30 seconds. When I type it in the screen after the password screen as I try to open my tax prep software, my software opens. No one could open my software without my frequently-changed password AND my cell.

Search and you'll find that some preparers have used an authenticator on their desktop instead of on their cell, if you don't want your cell involved.

MFA is not your WISP anymore than your left sock is your entire outfit. But the MFA is one part of your WISP. I think our software companies are required to use something like these authenticators, probably to gain IRS approval of their software. So, we're going to have to get used to it.

I had trouble setting mine up, even with CCH's help and my IT guy talking me through it over the phone. Tried 3 different authenticators. He stopped by my home office and had it up and running and me at ease with using it in a minute or two!

  • Like 4
Abby Normal

Abby Normal

Posted
Posted

The tax software companies got tired of so many support calls being about authenticator codes, that they had to make it optional or support was going to be overwhelmed by people who couldn't cope with an authenticator code.

  • Like 2
Margaret CPA in OH

Margaret CPA in OH

Posted
Posted

Question for those using a 'secure' client portal such as Verifyle: I am a sole practitioner.  To access my computer one has to have the login and password.  To access Verifyle, one must have a different login and password as with my tax software.  I don't see how having yet another authenticator for either of these does any more to protect my client data from myself.  What I do not see with Verifyle is how to 'authenticate' or otherwise control my client's access to the portal with that client's information.   Am I missing something (highly likely)?

  • Like 3
Catherine

Catherine

Posted
Posted

Like Margaret, it's just me here. Anyone trying to access my stuff would need to get into my house - past locks and alarms - then into my computer (password protected) then into my secure drive (a different password) or my online portal (yet another password). WiFi is totally locked down, hidden, inaccessible. 

How is adding more "authentication" crap going to help keep anyone's stuff more secure? Answer: it won't. What makes good sense in a multi-person office, or large corporation, is simply stupid in a one-person operation and leads to the idiocy of passwords on post-it notes stuck to the side of the monitor.

  • Like 7
Gail in Virginia

Gail in Virginia

Posted
Posted
55 minutes ago, Catherine said:

Like Margaret, it's just me here. Anyone trying to access my stuff would need to get into my house - past locks and alarms - then into my computer (password protected) then into my secure drive (a different password) or my online portal (yet another password). WiFi is totally locked down, hidden, inaccessible. 

How is adding more "authentication" crap going to help keep anyone's stuff more secure? Answer: it won't. What makes good sense in a multi-person office, or large corporation, is simply stupid in a one-person operation and leads to the idiocy of passwords on post-it notes stuck to the side of the monitor.

I thought everyone knew that putting your password on the side of the monitor wasn't safe, you have to put it under your keyboard where it can't be seen.  LOL.

  • Like 1
  • Haha 6
Catherine

Catherine

Posted
Posted
2 hours ago, Abby Normal said:

I had a strict rule that passwords were never to be written down, except in our password protected spreadsheet.

We have a friend who had a matrix for passwords, that depended on the company name and a couple of other items. Once you knew the algorithm, new passwords were super easy to generate and recall - and even if you got his cheatsheet, it was utterly meaningless without knowing the algorithm. Multiple pieces had to be put together, in the right order, which varied. I wish I remembered better how it worked. Simple, elegant, inscrutable. 

  • Like 2
Catherine

Catherine

Posted
Posted
4 hours ago, Gail in Virginia said:

I thought everyone knew that putting your password on the side of the monitor wasn't safe, you have to put it under your keyboard where it can't be seen.  LOL.

Just write them backwards; then they'll be completely safe!

  • Haha 2
Abby Normal

Abby Normal

Posted
Posted
15 hours ago, Catherine said:

Just write them backwards; then they'll be completely safe!

I have written them down with asterisks replacing one or more letters in a row, with just enough characters to remind me of the password.

  • Like 1

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...