Drake is starting to roll out the use of MFA. However, they are not using an internatlly created MFA program. Instead, clients are supposed to use a privately acquired service such as Google Authenticator, Authy and the like.
Generally, those options seem to center around an app to be installed on a cell phone. Personally, I think linking a security app to a cell phone----especially one that gets carried around (where it can be lost or stolen) and used for multiple other purposes----is more than a little risky (just Google on "gaining remote accerss to a cell phone"). While it won't necessarily eliminate the issues, I would probably want to tie my app to a phone that is not carried around or used for other purposes.
We are now coming around to the idea that using SMS (ie a phone call or text) for MFA is not all that secure. I wonder if these authenticator apps will ulitmately have a similar problem.
For now, as an alternative, I know that Google Authenticator has started to offer a USB key/token/FOB in lieu of the app.
If you have had experience with any of these authenticator apps and expecially if you have used an FOB, in connection with tax software, I would appreciate hearing about your experience.