Having a username and password has traditionally been the standard authentication strategy, but as criminals are becoming more sophisticated in their hacking methods, the traditional strategy is more vulnerable than ever. When you have to enter only your username and one password, that's considered a single-factor authentication. To help ensure against unauthorized access to systems, more and more businesses are applying two-factor authentication as the standard sign-in process.

What is two-factor authentication?

Two-factor authentication (commonly referred to as 2FA), adds a second level of authentication to your sign-in process, making your account more secure. 2FA requires you to have two out of three types of credentials before being able to access an account. The three types are:

  • Something you know, such as a PIN or a password
  • Something you have, such as a cell phone, a fob, or a token
  • Something you are (a biometric), such as your fingerprint or voice print

The 2FA solution with Income Tax Planner Web uses the first two factors, a knowledge factor, which is your password, and a physical factor, such as your cell phone.

On this page

Is 2FA new technology?

Not really. An example of 2FA in action is when you use your credit card and you must enter in your ZIP code to confirm the charge. In this case, you provide a physical factor, your credit card, and a knowledge factor, your ZIP code.

Will 2FA protect my account?

2FA offers more protection because it makes the job of a hacker difficult. In order for unauthorized persons to gain access to your account, they must acquire the physical component of your sign-in (your cell phone, for example). CNET states that a hacker can also "gain access to the cookies or tokens placed on the device by the authentication mechanism. This can happen in several ways, including a phishing attack, malware, or credit card-reader skimming.” Any additional layer of data protection is a necessity in today’s environment, and implementing 2FA is easy and cost effective, so there is no reason for businesses not to use 2FA.

How does 2FA work with Income Tax Planner Web?

With Income Tax Planner Web, Subscription Administrators control whether 2FA is enforced for the users in their firm. If 2FA is enabled by your Subscription Administrator, you will need the first two factors listed above. The first factor, something you know, is your password. The second factor, something you have, will be either your cell phone or an email account other than your sign-in email (username), whichever you specify. After entering your username and password, you will be prompted to send a one-time-valid, dynamic code consisting of digits to your cell phone or email. You will then be prompted to enter the verification code to gain access to Income Tax Planner Web. For details on configuring your code retrieval method, see Sign In Page > Configure Verification Code. If you are a Subscription Administrator and want to learn about enabling 2FA for your firm, see Policies Page > Verification Code Policies. To learn more about other Bloomberg Tax Technology security measures, see Security Excellence in Web Computing.