As part of its continuing efforts to strengthen security for tax preparers and taxpayers, the IRS implemented a federal requirement (IR-2024-201) mandating multi-factor authentication (MFA) for all tax professionals accessing systems, applications, or devices containing taxpayer information.

The IRS Safeguards Program defines MFA by access that requires at least two of the following types of authentication:

• Knowledge factors ("something you know”), such as a password, PIN, challenge question, or pattern

• Possession factors ("something you have”), such as a hardware or software token or a code sent to an authorized party

• Inheritance factors ("something you are”), such as biometric characteristics, including fingerprints or facial scans

The Federal Trade Commission (FTC) allows for other means of security so long as they meet or beat the MFA requirements above and are fully documented within the preparer’s written information security plan (WISP). Per 16 CFR 314.4(c)(5) of the FTC Safeguard Rules, tax professionals must “Implement multi-factor authentication for any individual accessing any information system, unless your Qualified Individual has approved in writing the use of reasonably equivalent or more secure access controls.”

Drake Software is dedicated to protecting your and your clients’ data by automatically enabling MFA for preparers starting with Drake Accounting 2026. If tax professionals have other sufficient means of security that meet or exceed IRS MFA requirements, they may choose to disable MFA; however, those who disable MFA without adequate safeguards in place are in direct violation of FTC 16 CFR 314.4(c)(5). For this reason, Drake Software strongly recommends keeping MFA enabled on all Drake Software products.

Setup

Detailed information about the setup in Drake Accounting 2026 will be added soon.