The Treasury Inspector General for Tax Administration said in a report dated Nov. 19 that  IRS does not use a multifactor authentication system for high-risk electronic applications.
TIGTA also found that neither of the two taxpayer authentication-focused groups formed by IRS addresses cross-functional oversight, management and assessment of the agency’s user identity verification process.
The IG recommended that IRS “establish a function that is optimally placed in the organization and provide it with the authority needed to ensure that authentication policies and procedures are consistent and comply with government information security standards.”