Join Early Retirement Today
Reply
 
Thread Tools Search this Thread Display Modes
Turbo Tax Security Question
Old 02-18-2015, 09:42 PM   #1
Full time employment: Posting here.
 
Join Date: Feb 2014
Posts: 731
Turbo Tax Security Question

So, I'm using Turbo Tax for doing a 'mock' joint return to see if I can match what our CPA comes up with for this year, with my plan of going it alone for 2015 if I can match or beat the CPA's results.

My DW has a lot of after tax brokerage accounts using Sharebuilder.

It sure would be easy if I could get her to log into her brokerage account and let Turbo Tax suck in the tax data, but she is reluctant to do this.

Does anyone know if the login info and password for these downloads while in Turbo Tax are session based/temporary and not retained by Turbo Tax so that I can allay the concerns (valid ones I admit) of my DW?

Thanks!
__________________

__________________
BBQ-Nut is offline   Reply With Quote
Join the #1 Early Retirement and Financial Independence Forum Today - It's Totally Free!

Are you planning to be financially independent as early as possible so you can live life on your own terms? Discuss successful investing strategies, asset allocation models, tax strategies and other related topics in our online forum community. Our members range from young folks just starting their journey to financial independence, military retirees and even multimillionaires. No matter where you fit in you'll find that Early-Retirement.org is a great community to join. Best of all it's totally FREE!

You are currently viewing our boards as a guest so you have limited access to our community. Please take the time to register and you will gain a lot of great new features including; the ability to participate in discussions, network with our members, see fewer ads, upload photographs, create a retirement blog, send private messages and so much, much more!

Old 02-18-2015, 11:04 PM   #2
Recycles dryer sheets
 
Join Date: Jan 2009
Posts: 190
Quote:
Originally Posted by BBQ-Nut View Post
Does anyone know if the login info and password for these downloads while in Turbo Tax are session based/temporary and not retained by Turbo Tax so that I can allay the concerns (valid ones I admit) of my DW?

Thanks!
I don't know about that part, but I do know Turbotax online anyway has a MASSIVE security hole that I did inform them about and they were very responsive (I'm sure it's been fixed, but if they were that lax about security, where else are they as well you wonder)?

In my case somebody had filed a fake return on Turbotax using my SSN and name/address. Later I happened to decide to use Turbotax for the first time and went to create an account. It said I already had one with that SSN, so I said I forgot my user name, password, as well as email. It let me in anyway. Right there was the fraudulent return the person had filed.

Well, what if I was the bad guy? Anybody knowing your SSN, name and address could get on and get your tax information, at least way they had it running until I told them. They stored it all online.

That doesn't answer your question exactly, but just shows how little attention was paid to security. I don't trust this whole "cloud" thing.
__________________

__________________
Kabekew is offline   Reply With Quote
Old 02-19-2015, 04:24 AM   #3
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Midpack's Avatar
 
Join Date: Jan 2008
Location: Chicagoland
Posts: 11,963
I think many of us assumed TT was secure until this year. The jury may be out now, and evidently Congress thinks so too as noted in other threads.
__________________
No one agrees with other people's opinions; they merely agree with their own opinions -- expressed by somebody else. Sydney Tremayne
Retired Jun 2011 at age 57

Target AA: 60% equity funds / 35% bond funds / 5% cash
Target WR: Approx 2.5% Approx 20% SI (secure income, SS only)
Midpack is offline   Reply With Quote
Old 02-19-2015, 07:15 AM   #4
Moderator
MichaelB's Avatar
 
Join Date: Jan 2008
Location: Rocky Inlets
Posts: 24,411
Quote:
Originally Posted by BBQ-Nut View Post

Does anyone know if the login info and password for these downloads while in Turbo Tax are session based/temporary and not retained by Turbo Tax so that I can allay the concerns (valid ones I admit) of my DW?

Thanks!
One thing she can try is to change her password, then use TT to log in and download the transactions, then change the password again to the previous one.
__________________
MichaelB is online now   Reply With Quote
Old 02-19-2015, 08:59 AM   #5
Full time employment: Posting here.
 
Join Date: Feb 2014
Posts: 731
Quote:
Originally Posted by Midpack View Post
I think many of us assumed TT was secure until this year. The jury may be out now, and evidently Congress thinks so too as noted in other threads.
Yeah - even I now have doubts on its security posture.

Quote:
Originally Posted by MichaelB View Post
One thing she can try is to change her password, then use TT to log in and download the transactions, then change the password again to the previous one.
I thought of that too - still got the raised eyebrow of resistance.

I may just have to bang in the info one holding at a time....well - in theory I have ample 'spare time' now in FIRE, right?
__________________
BBQ-Nut is offline   Reply With Quote
Old 02-19-2015, 10:52 AM   #6
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Chuckanut's Avatar
 
Join Date: Aug 2011
Location: West of the Mississippi
Posts: 6,317
Unfortunately, many of us have seen our personal information, credit cards, etc. compromised not by our own foolishness but by the big corporations to whom we have entrusted our information. Thus, it pays to keep one's passwords and other information to ourselves. It's a shame.
__________________
The worst decisions are usually made in times of anger and impatience.
Chuckanut is online now   Reply With Quote
Old 02-19-2015, 10:59 AM   #7
Full time employment: Posting here.
 
Join Date: Feb 2014
Posts: 731
Quote:
Originally Posted by Chuckanut View Post
Unfortunately, many of us have seen our personal information, credit cards, etc. compromised not by our own foolishness but by the big corporations to whom we have entrusted our information. Thus, it pays to keep one's passwords and other information to ourselves. It's a shame.
Agreed.

Just came across this news link about Lenovo computers and purposely installed malware
BBC News - Lenovo taken to task over 'malicious' adware

Self-signed certs that can intercept what were thought to be secure sessions....

I think this is one of my biggest fears of using e-transactions....one day I will log into my retirement account and find a zero balance, cuz I was 'hacked'
__________________
BBQ-Nut is offline   Reply With Quote
Old 02-19-2015, 11:10 AM   #8
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Chuckanut's Avatar
 
Join Date: Aug 2011
Location: West of the Mississippi
Posts: 6,317
Quote:
Originally Posted by BBQ-Nut View Post
Agreed.

Just came across this news link about Lenovo computers and purposely installed malware
BBC News - Lenovo taken to task over 'malicious' adware

Self-signed certs that can intercept what were thought to be secure sessions....
And these corporations will then complain about 'more government regulation, more bureaucracy, etc. What do they expect? A pat on the back?

http://blog.chron.com/techblog/2015/...-+Full+Text%29

Quote:
as security researchers have discovered, Superfish does this by creating its own security certificates that replace those of legitimate sites with encrypted connections.
__________________
The worst decisions are usually made in times of anger and impatience.
Chuckanut is online now   Reply With Quote
Old 02-19-2015, 11:32 AM   #9
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Chuckanut's Avatar
 
Join Date: Aug 2011
Location: West of the Mississippi
Posts: 6,317
If you own a recent Lenovo computer you can spend all your free time doing this, you lucky devil!

Quote:
Forbes has instructions for how to find out if you have the Superfish certificate on your Lenovo system:
To find out if you’re affected, locate Windows’ list of trusted certificates by opening up the Control Panel and searching for “certificates”. This will bring up Administrative Tools and a “manage computer certificates” option. Click on the “Trusted Root Certification Authorities” option and then “Certificates”. This will bring up a list of certificates. If you see one with Superfish Inc attached to it, you may be vulnerable.
You can uninstall Superfish, but to be sure you’re safe, security experts advise wiping the drive and installing a clean version of Windows.
__________________
The worst decisions are usually made in times of anger and impatience.
Chuckanut is online now   Reply With Quote
Old 02-19-2015, 11:47 AM   #10
Thinks s/he gets paid by the post
 
Join Date: Mar 2010
Location: Kerrville,Tx
Posts: 2,709
Actually installing from scratch would make sense but MS made it far more difficult since windows XP when you got the MS cd as part of the computer. Now you have to buy the os at around $130 to $150. Having done a good number of reinstalls on Xp it just takes time, but is not terribly hard. (Have not tried it on windows 8/8.1). I wish MS would provide a way to buy a cd for $20 that only uses the windows activation code on the computer bios. I would then wipe and get a nice clean system.
__________________
meierlde is offline   Reply With Quote
Old 02-19-2015, 11:59 AM   #11
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
audreyh1's Avatar
 
Join Date: Jan 2006
Location: Rio Grande Valley
Posts: 16,454
Years ago - early 2000s I think - Fidelity contacted us because there had been some kind of security breach with downloading tax information from Turbotax. And they made us change our passwords. I think maybe the passwords had be sent over an insecure link or something. But we never got that kind of notice again, so I figured it had been fixed.

Since we don't use online Turbotax to do our tax return, I didn't worry about them having the tax return information. That was one reason we do NOT do our taxes online.

And I don't know if they can actually get a look at your tax return when you are eFiling. I have assumed they don't, but now I'm not so comfortable.

I can't answer for the download Fidelity info into the program security anymore. We've done that every year. Maybe we should change our passwords every year after using Turbotax?

It sounds like they've been way more stupid and careless than I imagined. They are just sitting ducks for the very clever hackers out there. Just like Anthem was a sitting duck.

We'll be following this stuff much more carefully now. I am really upset by the Anthem breach even though (knock on wood!!!) I don't think we've been victims.
__________________
Well, I thought I was retired. But it seems that now I'm working as a travel agent instead!
audreyh1 is online now   Reply With Quote
Old 02-19-2015, 01:45 PM   #12
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Chuckanut's Avatar
 
Join Date: Aug 2011
Location: West of the Mississippi
Posts: 6,317
Quote:
Originally Posted by audreyh1 View Post

We'll be following this stuff much more carefully now. I am really upset by the Anthem breach even though (knock on wood!!!) I don't think we've been victims.
You have every right to be upset. The criminals got just about everything they needed to engage in identity theft. Not so good.
__________________
The worst decisions are usually made in times of anger and impatience.
Chuckanut is online now   Reply With Quote
Old 02-19-2015, 02:14 PM   #13
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
audreyh1's Avatar
 
Join Date: Jan 2006
Location: Rio Grande Valley
Posts: 16,454
Quote:
Originally Posted by MichaelB View Post
One thing she can try is to change her password, then use TT to log in and download the transactions, then change the password again to the previous one.
Hey - that's a really good idea!!! Thanks!
__________________
Well, I thought I was retired. But it seems that now I'm working as a travel agent instead!
audreyh1 is online now   Reply With Quote
Old 02-19-2015, 02:19 PM   #14
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
audreyh1's Avatar
 
Join Date: Jan 2006
Location: Rio Grande Valley
Posts: 16,454
Intuit: Anti-fraud Improvements by IRS Fuel Up To 3700 Percent Rise in Phony State Filings. The Rise in State Tax Refund Fraud - Krebs on Security

It looks like the IRS at least has managed to reduce fraudulent filing at the Federal level, and the huge rise in state fraud is because that was the next target for cybercriminals!

Quote:
In an interim report on the 2014 tax filing season, TIGTA said the IRS identified and confirmed 28,076 fraudulent tax returns involving identity theft. That was down significantly from a year earlier, when the IRS identified and confirmed 85,385 fraudulent tax returns involving identity theft.
Intuit has shut down filing of "unlinked" state returns:
Quote:
However, so far in this year’s tax filing season, Intuit has seen between three and 37-fold increases in unlinked, state-only returns. Convinced that most of those requests are fraudulent, the company now blocks users from filing unlinked returns via TurboTax.
From a comment after the article - apparently Turbotax was the only company allowing filing of unlined state-only returns this year, which is why it looked like all the fraud was coming from them.

The current wave of fraud - account takeovers:
Quote:
But Kodukula said that over the past 18 months, Intuit has watched fraudsters shift from SIRF to account takeovers, wherein scammers compromise TurboTax credentials by exploiting human nature: The tendency for people to re-use passwords across multiple sites. This technique works because a fair percentage of users re-use passwords at multiple sites. When a breach at one site exposes the email addresses and passwords of its users, fraudsters will invariably try the stolen account credentials at other sites, knowing that a small percentage of them will work.
We don't use the online system, so we don't log into any account as far as we know. Updates don't require an account. We just have what we used to purchase software occasionally, and that doesn't have SS# or bank #s or whatever.

So it's confusing when they say things like:
Quote:
Intuit is encouraging all previous and current TurboTax customers to log into their accounts to see if there has been a return fraudulently filed. The company also is encouraging users to verify their bank account information and be sure that hasn’t been changed, as well as any other contact information associated with the account. Customers who detect errant changes can call TurboTax customer service at 800-944-8596. The company says it’s also offering free credit monitoring service for customers that have had account compromises.
Why do they say "all" customers. Not all customers do their taxes online and so shouldn't have this information in the Turbotax system. The lack of specifics in their language is very confusing.
__________________
Well, I thought I was retired. But it seems that now I'm working as a travel agent instead!
audreyh1 is online now   Reply With Quote
Old 02-19-2015, 03:55 PM   #15
Recycles dryer sheets
 
Join Date: Aug 2011
Location: Atlanta
Posts: 420
Quote:
Originally Posted by Kabekew View Post
...
Anybody knowing your SSN, name and address could get on and get your tax information, at least way they had it running until I told them. They stored it all online. ..
With the IRS it is worse than that. All someone needs if your SSN and DOB.

"The IRS estimates that it sent out nearly three million fraudulent refunds to con artists last year. And according to a new report from the Government Accountability Office out tomorrow, it cost tax payers $5.2 billion."

"For this fraud all you need is a laptop, someone's social security number, date of birth, not even their name. "

"You would think that the IRS computers would notice that they were sending thousand of checks to a handful of addresses. But they didn't. And you might expect that the IRS would match taxpayer returns with legitimate W-2 forms filed by employers. It doesn't do that either because the law requires refund checks to be sent out within six weeks and employer W-2s are often not available until months later. "

Biggest IRS scam around: Identity tax refund fraud - CBS News
__________________
SJ1_ is offline   Reply With Quote
Old 02-20-2015, 08:19 PM   #16
Recycles dryer sheets
cranberryjoe's Avatar
 
Join Date: May 2013
Location: Western US
Posts: 114
Quote:
Originally Posted by meierlde View Post
Actually installing from scratch would make sense but MS made it far more difficult since windows XP when you got the MS cd as part of the computer. Now you have to buy the os at around $130 to $150. Having done a good number of reinstalls on Xp it just takes time, but is not terribly hard. (Have not tried it on windows 8/8.1). I wish MS would provide a way to buy a cd for $20 that only uses the windows activation code on the computer bios. I would then wipe and get a nice clean system.
Microsoft allows you to download the Windows images so you can reinstall using the activation code that you already have.

How to download Windows 7 and 8.1 setup media legally
__________________
Grow older, not up
cranberryjoe is offline   Reply With Quote
Old 02-20-2015, 08:38 PM   #17
Thinks s/he gets paid by the post
 
Join Date: Mar 2010
Location: Kerrville,Tx
Posts: 2,709
Quote:
Originally Posted by cranberryjoe View Post
Microsoft allows you to download the Windows images so you can reinstall using the activation code that you already have.

How to download Windows 7 and 8.1 setup media legally
Interestingly for $99 Microsoft will now take your computer and do a clean install on it of Windows 8.1 no vendor bloat ware. (Often the vendor apps just duplicate the features in windows itself). For example on Dell there is the MS way of getting a recover USB stick and doing a system backup and a distinct Dell Backup solution (because they can sell a full featured version as well). Another item is you can buy Windows 8.1 pro and do without the Cyberlink media suite (The pro version includes media player which does do dvds)
__________________

__________________
meierlde is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Turbo Tax question: repeating imports for different incomes? BBQ-Nut FIRE and Money 8 02-06-2015 10:06 AM
Stumped by Turbo Tax question on passive loss Amethyst FIRE and Money 13 01-26-2015 10:11 AM
Turbo Tax - Tax-Exempt Income not added to State Return Felix Mulier FIRE and Money 18 04-07-2013 12:46 PM
Turbo Tax Question Tandemlovers FIRE and Money 6 03-25-2011 11:31 AM
TurboTax Basic vs. Turbo Tax Premier Geoffrey FIRE and Money 20 01-20-2008 01:15 AM

 

 
All times are GMT -6. The time now is 02:55 PM.
 
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.