{"id":80660,"date":"2016-07-30T12:30:59","date_gmt":"2016-07-30T16:30:59","guid":{"rendered":"http:\/\/rbachnet.wwwmi3-ss40.a2hosted.com\/index.php\/"},"modified":"2021-08-14T20:41:22","modified_gmt":"2021-08-15T00:41:22","slug":"more-irs-tech-troubles","status":"publish","type":"post","link":"https:\/\/rbach.net\/index.php\/more-irs-tech-troubles\/","title":{"rendered":"More IRS Tech Troubles"},"content":{"rendered":"

\"More<\/a>The U.S. gooberment agency in charge of extorting<\/del> collecting taxes from citizens, but not businesses<\/a>, has more IT troubles. In the past, the IRS<\/strong> has had problems with hackers<\/strong> attacking its online systems<\/a>\u00a0which exposed<\/strong> more than 720,000 taxpayer accounts<\/strong>.\u00a0It has had data breaches<\/a>\u00a0that released 101,000 taxpayer SSNs<\/strong>, Its internal processes are so weak that the IRS could not find 1,300 PC’s<\/strong><\/a> to complete the upgrade from Windows XP<\/a>.<\/p>\n

\"collecting<\/a>The latest report says that the IRS off-boarding processes are so porous that former employees<\/strong> have \u201cunauthorized entry.<\/strong>\u201d Former employees have access to workplaces, IRS computers<\/strong>, taxpayer information<\/strong>, and could allow them to misrepresent themselves<\/strong> to taxpayers, according<\/a> to an article at Nextgov<\/a><\/em>.<\/p>\n

The article cites a new watchdog report. In the report, there was a random sampling in 2014 that said the IRS couldn\u2019t verify it had recovered all security items from more than 66 percent of roughly 4,100 \u201cseparated\u201d employees. <\/strong>The employees had left due to retirement, resignation, death, etc.<\/p>\n

If the IRS had just checked with me, this would not have been a surprise. In 2014 wrote about this issue<\/a>. Lieberman Software<\/a>\u00a0released the results of a survey of IT security professionals. 13%\u00a0of IT Pros at the RSA Conference 2014<\/a>\u00a0admitted to being able to\u00a0access previous employers\u2019 systems<\/strong> using their old credentials.\u00a0Perhaps even more alarming is that of those able to access previous employers\u2019 systems nearly 23% can get into their previous two employers\u2019 systems using old credentials<\/strong>.<\/p>\n

rb-<\/em><\/strong><\/p>\n

\"twoThis is just another example of why passwords suck. If the tax collectors used a two-factor authentication (2FA<\/a>) process, chances are must greater that ex-employees would not be able to access taxpayer’s records. Two-factor authentication<\/a> is a security process where the\u00a0user provides two means of identification from separate categories of credentials.\u00a0<\/em><\/p>\n

An authentication factor is an independent category of credentials used for identity verification. The three most common categories are often described as something you know (the knowledge factor<\/a>), something you have (the possession factor)<\/a>, and something you are (the inheritance factor<\/a>). For systems with more demanding requirements for security, location and time are sometimes added as fourth and fifth factors.<\/em><\/p>\n

\"\"<\/a>One rising authentication measure is biometrics. Biometrics<\/a> is the measurement and statistical analysis of people’s physical and behavioral characteristics. The technology is mainly used for identification and access control. The basic premise of biometric authentication<\/a> is that everyone is unique and an individual can be identified by his or her intrinsic physical or behavioral traits. An individual’s biometric uniqueness can fulfill the inheritance factor of identify verification (\u201csomething you are\u201d). Using biometrics in its various forms (I have written about different forms of biometrics on the Bach Seat<\/a>;\u00a0voice<\/a>, brain waves<\/a>, retina scan<\/a>, behavioral biometrics<\/a>, etc.) when combined with a strong password can form a 2FA.<\/em><\/p>\n

There are\u00a0drawbacks<\/a> to using biometrics for authentication too.<\/em><\/p>\n

Related articles<\/h6>\n