Two factor authentication for TurboTax

P

Peter

Full time employment: Posting here.
Joined
Dec 18, 2003
Messages
642
Location
San Carlos, CA
I just logged into my TT account and was asked to check e-mail for a code. Has anyone else seen this?

I'm hoping it's not because someone else has accessed my account. If so, they could be locking the stable door etc ...

Is there any way to check if someone has already filed using my account? Other than filing my return, that is.
 
Peter said:
I just logged into my TT account and was asked to check e-mail for a code. Has anyone else seen this?

I'm hoping it's not because someone else has accessed my account. If so, they could be locking the stable door etc ...

Is there any way to check if someone has already filed using my account? Other than filing my return, that is.
Click to expand...


Was this the first time you have checked back in since last tax season? If so they would welcome you back from last year and ask if you need to update anything from last year. At least that is what happened with me. So I feel good my account has not been hacked. However, I would still not know if they have used my social security to file somewhere else as I am still in a holding pattern waiting for Vanguard to release the forms I need before I can actually file.


Sent from my iPad using Tapatalk
 
Peter said:
I just logged into my TT account and was asked to check e-mail for a code. Has anyone else seen this?

...
Click to expand...

Long time turbotax user who reupped this year via amazon for the refund bonus, and I am confused. What is a turbotax account? Is it only applicable to those who don't have the desktop version?
 
2017ish said:
Long time turbotax user who reupped this year via amazon for the refund bonus, and I am confused. What is a turbotax account? Is it only applicable to those who don't have the desktop version?
Click to expand...

That's what I think.

We have a customer account from buying (or getting the Fidelity freebie) and downloading it. And getting occasional updates. But this has no more than our product registration info. No address, no SS#, etc. no info about our return.

But 80% of TT customers use the online version.
 
I don't use TurboTax, but I did "upgrade" from Quicken Home & Business 2012 to Premier 2015 on Windows last night. The install really pushed for online/mobile access and I hope I successfully skirted those but it wouldn't proceed without me verifying a Quicken account.

Quicken is a big reason I continue carrying my Windows albatross but I am following the Mac recommendations from people here on e-r.org and think iBank sounds interesting.
 
Turbo tax has implemented multi-factor authentication recently. See this PR release
TurboTax Resumes E-filing for States | The TurboTax Blog

After working with third-party security expert Palantir on a preliminary examination of recent fraud activities, Intuit believes that these instances of fraud did not result from a security breach of its systems. As a result of that examination, which is ongoing, Intuit implemented targeted security measures to combat the type of fraudulent tax activity that it is seeing. These additional steps include the implementation of Multi-Factor Authentication, a proven technology for protection against identity theft.
Click to expand...

But I can't figure out how to add multifactor authentication to my existing account! The only reason I have an account is because I download my copy of turbotax (desktop) through Vanguard.
 
Last edited:
Thanks for the link walkinwood.

I'm scratching my head over the obvious contradiction in the quote: on the one hand, their systems weren't breached, yet on the other, because of that they are increasing security!

Still, I think the two factor authentication is a step forward. I suspect they are implementing it in stages; I didn't ask for it, it just appeared. And I had logged into the account several times over the previous few days, so it wasn't because it was the first login of the tax season.
 
I was on the TurboTax site a few times this evening and was not prompted for two factor authentication. In my case it was the same TT experience as always.


Sent from my iPhone using Early Retirement Forum
 
Peter said:
Thanks for the link walkinwood.

I'm scratching my head over the obvious contradiction in the quote: on the one hand, their systems weren't breached, yet on the other, because of that they are increasing security!

Still, I think the two factor authentication is a step forward. I suspect they are implementing it in stages; I didn't ask for it, it just appeared. And I had logged into the account several times over the previous few days, so it wasn't because it was the first login of the tax season.
Click to expand...
Their systems haven't been breached directions (as far as we know - I'm no impressed), but their customers keep falling victim to phishing, etc. So this can address the later issue.
 
truenorth418 said:
I was on the TurboTax site a few times this evening and was not prompted for two factor authentication. In my case it was the same TT experience as always.


Sent from my iPhone using Early Retirement Forum
Click to expand...


I was on the site last week and noticed today they changed mine to 2 step.
Completed my taxes today and sent off. Hopefully no email tomorrow saying return was already received and refund previously sent.


Sent from my iPad using Tapatalk
 
One man's view of TT and security.

Intuit Failed at ‘Know Your Customer’ Basics — Krebs on Security
According to the interviews with Intuit’s former security employees, much of the tax refund fraud being perpetrated through TurboTax stems from a basic weakness: The company does not require new customers to do anything to prove their identity before signing up for a TurboTax account. During the account sign-up, you’re whoever you want to be. There is no identity proofing, such as a requirement to answer so-called “out-of-wallet” or “knowledge-based authentication” questions.
Out-of-wallet questions are hardly an insurmountable hurdle for fraudsters. Indeed, some of the major providers of these challenges have been targeted by underground identity theft services. But these questions do complicated things for fraudsters. Intuit should take a cue from credit score and credit file montitoring service creditkarma.com, which asks a series of these questions before allowing users to create an account. And, unlike turbotax.com — which will happily let multiple users create accounts with the same Social Security number and other information — creditkarma.com blocks this activity.
Click to expand...
 
Wow - yet another Krebs article highlighting Intuit's lacksadaisical approach. This one summarizes some of the info from other articles, but the discussion of login security and validation is newish.

Since Intuit is not a bank, they are not required by law to "know their customer".

They obviously aren't particularly motivated to protect their non-fraudster customers either.
 
Last edited:
Also ran into the new issue with Macs where you have to be connected online in order to print or "save as PDF" as it requires some kind of remote "secure print service". It's an awkward workaround to fix an Apple Store compliance issue but as you can imagine it has people who want to work completely offline and print and not eFile but send in paper rather upset.
 
audreyh1 said:
Also ran into the new issue with Macs where you have to be connected online in order to print or "save as PDF" as it requires some kind of remote "secure print service". It's an awkward workaround to fix an Apple Store compliance issue but as you can imagine it has people who want to work completely offline and print and not eFile but send in paper rather upset.
Click to expand...

Intuit put some sort of weird hack in TurboTax. This only bites if you try to print the actual tax forms. Everything else prints fine. They DO have the code needed to print to PDF. (It's called CoreGraphics, AKA Quartz, and it is the same code used to draw the forms on the screen. There's a reason I am sure of this... :greetings10: ) I have a strong suspicion Intuit was less than truthful with that Forbes reporter on this subject.

From the fine print you agreed to in installing TurboTax:
Paragraph 9 of the Intuit Software End User License Agreement states:

"You may save your return as a PDF file and understand it may be processed on Intuit servers, not as part of the Software."
Click to expand...
For some reason or other, the Nice Man at TurboTax wants to make sure he gets a copy of your tax return even if you don't want to use E-filing. One more reason to use TaxAct, I think.

The change was supposedly made in 2013, but printing worked fine offline in that version. They've flipped a switch for this year's Mac version. I bet that next year the Windows version gets this exciting new feature.
 
Last edited:
M Paquette said:
Intuit put some sort of weird hack in TurboTax. This only bites if you try to print the actual tax forms. Everything else prints fine. They DO have the code needed to print to PDF. (It's called CoreGraphics, AKA Quartz, and it is the same code used to draw the forms on the screen. There's a reason I am sure of this... :greetings10: ) I have a strong suspicion Intuit was less than truthful with that Forbes reporter on this subject.

From the fine print you agreed to in installing TurboTax:
For some reason or other, the Nice Man at TurboTax wants to make sure he gets a copy of your tax return even if you don't want to use E-filing. One more reason to use TaxAct, I think.

The change was supposedly made in 2013, but printing worked fine offline in that version. They've flipped a switch for this year's Mac version. I bet that next year the Windows version gets this exciting new feature.
Click to expand...
Wow. That just so stinks!

But they can take any info you enter into their program at any time. Ultimately it comes down to trust, and they haven't been acting like a trustworthy company.
 
Last edited:
I put this in another thread, but thought I'd share this article the Washington Post ran this week on Turbo Tax, their lack of security, and how very little is being done between the government and tax preparation software firms to protect your information and prevent fraud.

Who’s to blame when fraudsters use TurboTax to steal refunds? - The Washington Post

From the article "But an internal strategy presentation obtained by The Washington Post showed that the number of “suspicious” customers who successfully filed a return grew from about 900,000 in 2010 to about 2.5 million in 2012. About 29 million people used TurboTax last year."

That is a significant economic incentive for TT to NOT curb the fraud if they can instead pin the whole responsibility of preventing fraud on the Federal government.


Edited to add: At the end of the WaPost article is a link to what to do if you have your return stolen. One gentleman quoted in the article who discovered someone had filed a fraudelent return using his TT identify is still waiting for his refund six months later...
 
Last edited:
You must log in or register to reply here.

Similar threads

N
Tax Return or Form 990-N for HOA?
Replies
17
Views
672
pb4uski
pb4uski
BrianB
Fidelity free Turbotax offer
8 9 10
Replies
232
Views
26K
MartyGB
M
njhowie
Heads Up: TurboTax + Fixed Income + Accrued Interest
Replies
12
Views
2K
gauss
gauss
M
Uh Oh! TT What are you doing to me?
2 3
Replies
70
Views
5K
jazz4cash
J
Zona
Beneficial Ownership Info Reporting FinCEN requirement?
Replies
5
Views
251
Closet_Gamer
C

Latest posts

Back
Top Bottom