TaxSlayer: File this One Under Authentication

Have you ever filed your taxes using an online tax prep account? If so, you’ll want to know about the FTC’s recent settlement with TaxSlayer, LLC.

What happened? From October until December 2015, hackers used user names and passwords stolen from other websites to try to log in to TaxSlayer Online. Because consumers sometimes reuse passwords, hackers were able to gain full access to more than 8,800 TaxSlayer Online accounts. Thieves could have filed fraudulent tax returns, changed bank routing numbers, and sent tax refunds to themselves.

How could this happen? According to the FTC, TaxSlayer didn’t require users to have strong passwords, didn’t have a written information security program, and wasn’t doing risk assessments to identify threats to customer information. The FTC’s settlement requires TaxSlayer to have a written security program and safeguards to protect customer information.

Still worried about keeping your tax information safe? Here are some steps you can take to reduce the likelihood of tax identity theft:

  • Use a strong password or passphrase for logging in to any online tax filing program. It should have at least 10 characters. Longer, unique, and memorable passwords or passphrases (which are a sequence of words) are better than short passwords. Don’t reuse a password you’ve used for another account.
  • Choose multi-factor authentication. If you use a tax prep software, choose one that requires multi-factor authentication – like a call or text that give you a PIN to use, in addition to your login and password. In this case, it was only after TaxSlayer Online started requiring multi-factor authentication that the hackers could no longer get into accounts.
  • Don’t use public Wi-Fi when working on your taxes. It’s easy for hackers to get access to your personal information through public Wi-Fi.

This article by the FTC was distributed by the Personal Finance Syndication Network.