The IRS Just Introduced a Login Identification Process — How Secure Is It?

Woman in her 30s filling out tax information online.
vitapix / Getty Images

The Internal Revenue Service (IRS) recently implemented an improved identity verification and sign-in process that requires facial identification through a selfie and a photo of an identity document — such as a driver’s license, state ID or passport — according to IRS.gov. Taxpayers will continue to access the IRS portal through IRS.gov but will now sign in using their ID.me account.

See: How To Sign Into ID.me To Access All The IRS Online Platforms
Find: Tax Filing 2022: How To Set up ID.me for the IRS

ID.me is a third-party technology provider for the IRS that uses facial recognition to verify identity. The process is simple, fairly quick, and secure. ID.me asserts that it does not sell users’ biometrics or personal information, financial or otherwise.

In a press release detailed by CNET, ID.me founder Blake Hall said, “Our 1:1 face match is comparable to taking a selfie to unlock a smartphone.”

What You Need to Know About ID.me Verification

The new process is designed to make it easier and more secure for taxpayers to manage their child tax credit, check IRS accounts, and perform “other routine tasks,” related to taxes, the IRS stated in a news release.

Make Your Money Work

If you already have an IRS username, you can continue to use those credentials to log in to the site until summer 2022 but will be prompted to create an ID.me account as soon as possible, according to IRS.gov. Those who already set up an ID.me to access the child tax credit update portal can use those credentials to log in for any other IRS business, including filing taxes. They will not have to reauthenticate their identity.

Discover: Teens & Taxes: Does Your Teen Need to File Taxes for Their Part-time Job?

IRS Commissioner Chuck Rettig said in the release, “This new verification process is designed to make IRS online applications as secure as possible for people.”

Is the ID.me Process Secure Against Hackers?  

Security expert Nick Santora, CEO of security awareness training platform Curricula, noted that the process is “absolutely more secure,” than the IRS’ former methods for identity verification, which largely relied on a user’s social security number. “This is setting a precedent. This is where we need to be in order to start taking the security of people’s identity seriously,” Santora told GOBankingRates.

Make Your Money Work

He added that the new process acknowledges a social security number is not a good authentication tool. “For the most part, people’s social security numbers are already out there from previous third-party data breaches.”

Santora emphasized that hackers may still try to infiltrate the system. But the ID.me process adds so many steps to authentication that it’s designed to make hackers decide such a venture is not worth the trouble, he explained.

More: Top Tips for Painless Tax Prep

With the new identity authentication process, the danger lies not in hackers stealing your identity from other sites and using it to create accounts, but in using social engineering tools to get you to provide them with the information they need to access your account. The system can only provide security if people use it properly.

“A hacker can essentially target you after you’ve set up your ID.me account and do what they do best, which is play on your sense of urgency,” Santora said. For instance, a hacker may reach out by phone or email and say they are from ID.me — or the IRS — and that you need to reset your password or authenticate your account.

Make Your Money Work

If you follow a fake website link a hacker might provide and follow the steps they issue, you could be giving them access to your IRS account. “It’s no different than if you were walking into your house and a burglar came up behind you and navigated you to open the door for them. They didn’t need to steal your key or make a copy of it. They just walked through the door with you,” Santora explained.

Learn: How Are Property Taxes Calculated?
Explore: Tax Prep: IRS Says Gathering Your Documents Is the First Step

To protect yourself, he advised, “Never use your email as a trampoline to get to any website. Don’t just bounce over to the IRS site by clicking a link. Type in the IRS.gov website manually. The agency is using that safe space to make sure you get to the right place.”

He added, “ID.me is a trusted and secure website. But problems could arise if hackers set up fake websites that resemble ID.me. Their goal will be to trick you to go to one of those other sites.”

Santora emphasized that taxpayers should only access the IRS.gov portal through the direct website. Do not click on any email links or visit any websites suggested by phone or email. The IRS will never email or call you directly and ask you to access the site, verify your identity, or reset your password.

More From GOBankingRates

Share this article:

Make Your Money Work

About the Author

Dawn Allcot is a full-time freelance writer and content marketing specialist who geeks out about finance, e-commerce, technology, and real estate. Her lengthy list of publishing credits include Bankrate, Lending Tree, and Chase Bank. She is the founder and owner of GeekTravelGuide.net, a travel, technology, and entertainment website. She lives on Long Island, New York, with a veritable menagerie that includes 2 cats, a rambunctious kitten, and three lizards of varying sizes and personalities – plus her two kids and husband. Find her on Twitter, @DawnAllcot.
Learn More

Best Bank Accounts for September 2022

Untitled design (1)
Close popup The GBR Closer icon

Sending you timely financial stories that you can bank on.

Sign up for our daily newsletter for the latest financial news and trending topics.

Loading...
Please enter an email.
Please enter a valid email address.
There was an unknown error. Please try again later.

For our full Privacy Policy, click here.