TIGTA: IRS Passwords at Risk

Investigators posing as IRS computer help desk personnel were able to persuade 60% of Service employees they contacted to change their password to one the investigator suggested, a violation of IRS computer security rules. The findings by the Treasury Inspector General for Tax Administration (TIGTA) echoed those of a similar test by TIGTA in 2001, when 71% of employees contacted breached password security. In a retest in 2004, only 35% of employees contacted did so. In the latest check, only eight of the 102 employees approached reported the request as suspicious; such reporting is a requirement under IRS computer security protocols. The IRS will remind employees of potential threats and conduct its own, more extensive test during fiscal 2008.