Drake Accounting - Multi-Factor Authentication (MFA)

Article #: 18886

Last Updated: December 12, 2025

 

Tags: Drake AccountingDAS

Drake Accounting logo

As part of its continuing efforts to strengthen security for tax preparers and taxpayers, the IRS implemented a federal requirement (IR-2024-201) mandating multi-factor authentication (MFA) for all tax professionals accessing systems, applications, or devices containing taxpayer information.

The IRS Safeguards Program defines MFA by access that requires at least two of the following types of authentication:

  • Knowledge factors ("something you know”), such as a password, PIN, challenge question, or pattern

  • Possession factors ("something you have”), such as a hardware or software token or a code sent to an authorized party

  • Inheritance factors ("something you are”), such as biometric characteristics, including fingerprints or facial scans

The Federal Trade Commission (FTC) allows for other means of security so long as they meet or beat the MFA requirements above and are fully documented within the preparer’s written information security plan (WISP). Per 16 CFR 314.4(c)(5) of the FTC Safeguard Rules, tax professionals must “Implement multi-factor authentication for any individual accessing any information system, unless your Qualified Individual has approved in writing the use of reasonably equivalent or more secure access controls.

Drake Software is dedicated to protecting your and your clients’ data by automatically enabling MFA for preparers starting with Drake Accounting 2026. If tax professionals have other sufficient means of security that meet or exceed IRS MFA requirements, they may choose to disable MFA; however, those who disable MFA without adequate safeguards in place are in direct violation of FTC 16 CFR 314.4(c)(5). For this reason, Drake Software strongly recommends keeping MFA enabled on all Drake Software products.

Setup

App or Yubikey

You can use either an Authenticator Mobile App or Yubikey to set up multi-factor authentication.

Authenticator Mobile App - Owner

A mobile authenticator app will give users a QR code to scan with their mobile phone to setup MFA. Configure Multi-Factor Authentication with an authenticator app on your mobile device.

  1. Go to Firm > User Setup > Owner Options.

  2. Select Enable Multi-Factor Authentication.

  3. Choose Use application-based Authentication.

  4. Go to the App Authentications tab and scan the QR code with your mobile phone.

  5. Enter that code into the Authentication code field.

  6. Click Save.

Authenticator Mobile App - Users

After the owner has set up the Authenticator mobile app MFA, all user accounts must use the authenticator to log in to Drake Accounting.

  1. Log in to Drake Accounting.

  2. A message is displayed, stating that MFA must be set up for this account before logging in. Click OK.

  3. Scan the QR code with your mobile phone.

  4. Enter that code into the authentication code field.

  5. Click Save, then Exit.

  6. Enter your Drake Accounting username and password.

YubiKey

YubiKey is a physical device MFA vendor, most commonly a USB key that you insert into the computer. To setup a YubiKey, select the YubiKey Code field and insert the device into the machine and a string of characters should populate in the field.

Important  Some YubiKeys have a button that must be pressed for the device to receive the key. Do not alter the contents of the YubiKey code field.

Beginning in Drake Accounting 2026, MFA is enabled by default for all users. The user will follow the steps below to finish the setup. If the user wants to opt-out, the setting will need to be changed by the owner in each year.

YubiKey - Owner

To activate YubiKey MFA:

  1. Log in to Drake Accounting as the owner.

  2. Insert the YubiKey into an easily accessible USB port. Note that it may take a moment for your computer to install the key.

    Go to Firm > User Setup > Owner Options.

  3. Select Enable Multi-Factor Authentication and select Use YubiKey.

  4. Go to the YubiKey tab.

  5. Click in the YubiKey Code field to activate the cursor.

  6. Press and hold the Y on the YubiKey. The YubiKey Code field in Drake Accounting is filled with a lengthy passcode.

  7. Click Save.

  8. Enter your Drake Accounting username and password.

  9. Click inside the YubiKey Passcode field.

  10. Press and hold the Y on the YubiKey to generate a lengthy code.

  11. Once the code is finished generating, let go of the YubiKey to be logged in to Drake Accounting.

YubiKey - Users

After the owner has set up YubiKey MFA, all Administrator and User accounts must use YubiKey to log in to Drake Accounting.

  1. Log in to Drake Accounting as an Administrator or User.

  2. A message is displayed, stating that MFA must be set up for this account before logging in. Click OK.

  3. Click on the YubiKey tab, and insert the YubiKey into an easily accessible USB port.

    • Note that it may take a moment for your computer to install the key.

  4. Click inside the YubiKey Code field to activate the cursor.

  5. Press and hold the Y on the YubiKey. The YubiKey Code field is filled with a lengthy passcode. Click Save, then Exit.

  6. Enter your Drake Accounting username and password.

  7. Click inside the YubiKey Passcode field.

  8. Press and hold the Y on the YubiKey to generate a lengthy code.

  9. Once the code is finished generating, let go of the YubiKey to be logged in to Drake Accounting.

Recovery

Owner

If you lost your phone or mobile device, contact the Drake Accounting support team at (828) 349-5908 for assistance with regaining access to your account.

Non-Owner User or Preparer

If you are not the Owner, and have lost your phone or mobile device, contact the account owner. The account owner will need to: 

  1. Log into DAS.

  2. Go to Firm > User Setup.

  3. Select the preparer/user from the list.

  4. On the User Setup tab, click Clear MFA.

  5. Click Save.

When the user/preparer logs in the next time they will be prompted to set up MFA on their new device.