Attachments to the OMB Supporting Statement: 2020 IRS Nationwide Tax Forum Focus Groups: Got MFA? Why Multi-Factor Authentication is a must for tax professionals
Moderator’s Guide
2020 IRS Nationwide Tax Forum Focus Groups: Got MFA? Why Multi-Factor Authentication is a must for tax professionals
Moderator’s Guide
I. Welcome and Introductions:
Introduction of the moderator
Good morning/afternoon. My name is <first name> and I will be your moderator for this session. I work for the Internal Revenue Service as a <job title>. Today I will be leading a discussion to get your feedback on multi-factor authentication.
What is a moderator?
My job as a moderator is to:
Help guide the flow of conversation
Make sure everyone’s comments are heard
Ensure that questions about the topic are covered
You will see me referring to this outline during our session. The outline includes all issues I need to raise with the group and helps me keep the discussion on track. It is important that we cover all the issues. Therefore, I may have to break off the conversation in order to move on to another area in the guide.
Ground Rules
Before we begin, I’d like to review some ground rules for today’s discussion.
For the IRS to speak with the public, we are required to have approval from the Office of Management and Budget. Their approval number for this project is 1545-1349. If you have any comments regarding this study, please write to: IRS, Special Services Committee, SE:W:CAR:MP:T:M:S – Room 6129, 1111 Constitution Avenue, NW, Washington, DC 20224.” [NOTE: Post this bullet on newsprint/white board for each session.]
There are no known risks to you for taking part in this focus group session. All the data the IRS collects will be kept private to the extent allowed by law. Your name will never be linked to your comments, nor will it appear in any written reports or publications.
Please speak just one at a time so everyone has a chance to participate.
Please don’t engage in side conversations-- we need for everyone to hear what the others are saying and for everything that’s said to be heard.
Sometimes I’ll go around the table and ask everyone for their input. At other times, I will just open a topic for general discussion.
We would like to hear from everyone in the group, but you don’t have to answer every question.
There are no right or wrong answers in today’s discussion. We expect to hear differences in how people see things.
Feel free to disagree. The purpose of a group session is for us to learn things in group interchanges that we don’t get out of one-on-one discussions. If someone says something you disagree with, please let us know.
If anyone needs to use the restroom, they are located <specify>.
Your participation is voluntary. Therefore, at any point in time you may leave the room.
If you have a cell phone, please turn it to silent.
The session will last one hour.
D. Introduction of Participants
To begin, I’d like each of you to introduce yourself using your first name only, tell us where you are from.
II. Discussion
As I mentioned at the start of the session, our goal today is to gather information regarding multi-factor authentication.
A. Data Breeches
I would like to start our discussion today talking about data breaches. We are going to define a data breach as:
An incident where information is stolen or taken without the knowledge or authorization of the owner. The stolen data may involve personally identifying information such as, names and addresses, Social Security Numbers, etc. (IRS.gov.) NOTE: Not Identity theft
How many of you have experienced a data breech in your personal lives (e.g., Equifax)? (Record number)
How many of you have experienced a data breech in your professional lives? (Record number)
Probe: Have you heard about other tax professionals experiencing data breeches?
Do you feel data breeches within the tax preparer community are a significant concern?
B. Security Practices
What procedures or practices do you currently have in place to protect taxpayer information?
What security practices do you use for personal banking or medical accounts that you also use for tax preparation?
How often do you log out of your tax software? (e.g., after each client, at the end of the day)
How often do you shut down your computer? (e.g., at the end of each day, work week, never)
C. Multifactor Authentication – Current Use
NOTE: Provide an explanation of what multifactor authentication is and is not. (e.g., poster, handout, flipchart)
How many of you have used a multifactor authenticator in your personal life? (Not including a code or link sent to your phone or an email) (Record number)
How many of you have used a multifactor authenticator for tax preparation? (Not including a code or link sent to your phone or an email) (Record number)
What has been your experience using a multifactor authenticator?
Probe: Ease or difficulty configuring?
Ease or difficulty using?
Time to use?
If difficult – What could have made its configuration or use easier?
For those that have used a multifactor authenticator, have you ever used a Multifactor Authentication app? (e.g., Google Authenticator, Microsoft Authenticator, RSA)
D. Multifactor Authentication – Future Use
How would you feel about using a multifactor authenticator?
Probes: What benefits do you see in using a multifactor authenticator?
What are the pitfalls?
Would you be willing to use multifactor authenticator? (why or why not)
NOTE: Provide an explanation of hardware and software based multifactor authentication. (e.g., YubiKey/smart card vs. phone app)
If you were going to use a multifactor authenticator,
how many of you would choose a software-based authenticator? (Record number)
how many of you would choose a hardware-based authenticator? (Record number)
Why would you choose a software- based authenticator?
Why would you choose a hardware-based authenticator?
Again, if you were going to use a multifactor authenticator, what type of guidance, information, or resources would be helpful?
III. Closing
Thinking about our discussion this morning/afternoon, is there anything else you would like to share regarding any of the topics we discussed.
Thank you very much for coming and sharing your ideas with us—we really appreciate your time.
Recruitment Script
2020 IRS Nationwide Tax Forum Focus Groups: Got MFA? Why Multi-Factor Authentication is a must for tax professionals
Recruitment Script
Hello, my name is ______________. I work for the Internal Revenue Service and I’m recruiting tax professionals to participate in a focus group. May I speak with you for a couple minutes?
The purpose of the session is to gather information from tax professionals about their understanding and use of multi-factor authentication.
Are you familiar with multi-factor authentication?
If no, Terminate
If yes, Continue
IF NO
Unfortunately, we are only recruiting preparers who have some familiarity with multi-factor authentication.
Thank you for your time.
IF YES
The focus group is scheduled for one hour, and your input will help improve the information the IRS provides on multi-factor authentication.
Your participation in the focus group is completely voluntary and is scheduled for <date>, <time>, and will be held at <location>.
Are you interested in participating?
If the tax professional agrees to participate, provide a reminder sheet containing the focus group date, time and location.
If the tax professional does not agree to participate, thank them for their time.
Focus Group Reminder
2020 IRS Nationwide Tax Forum Focus Groups: Got MFA? Why Multi-Factor Authentication is a must for tax professionals
Focus Group Reminder
Thank you for agreeing to participant in this multi-factor authentication focus group. For your convenience, we have listed the date, time and location of the session below.
Focus group date: <date>
Focus group time: <time>
Focus group location: <location>
| File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
| Author | Rasey Howard W |
| File Modified | 0000-00-00 |
| File Created | 2021-01-14 |