Tax Software Timeouts

Key tips and advice the working tax pro can use.
#1
irc162  
Account Deactivated
Posts:
384
Joined:
5-Jan-2015 5:34pm
With Drake software, the timeout period for a preparer with full rights is 10 minutes of inactivity in the tax program. For a preparer without full rights, its 15 minutes. This is proving to be a real annoyance. Tying to have a phone conversation with a client while accessing data from their return is difficult, particularly for clients that have a lot to say. (Hold that thought while I log into my software for the 3rd time). I have to remember to keep moving my mouse.

Last year, the timeout period was 20/25 minutes. That was workable. A colleague who uses Lacerte says her timeout period is still more like 20-25 minutes. Can anyone confirm that? If you use something other than Lacerte, what is the timeout period for your software?

I asked Drake Support about the 10 minute timeout and they insist that the IRS mandates a 10/15 minute timeout period for this tax season. They could not point to any documentation that support that (other than the 2016 Security Protocols which require timeouts but do not appear to specify a time period). Do you know of any?

Drake Support is always pleasant and answers the phone quickly, but I am wondering how they score on transparency.

I understand security is important. But, in my opinion, there needs to be a balance between security and usability.
 

#2
Andee  
Posts:
38
Joined:
25-Aug-2016 3:00pm
Location:
AL
Thomson Reuters (UT, File Cab etc) software has a 30 minute timeout. Other users reported that a "Jiggler" device can be used as a workaround to the 30 minute timeout. It's a USB device that acts as a mouse and moves the pointer one pixel every minute or so. I purchased one and have been using it all week - it's virtually eliminated the timeouts throughout the day. This option may not be for everyone, but it's been a good solution for me. Here is a link to the one I bought: https://www.amazon.com/CRU-30200-0100-0 ... ARZ35QHVNY
 

#3
irc162  
Account Deactivated
Posts:
384
Joined:
5-Jan-2015 5:34pm
Andee wrote:Thomson Reuters (UT, File Cab etc) software has a 30 minute timeout. Other users reported that a "Jiggler" device can be used as a workaround to the 30 minute timeout. It's a USB device that acts as a mouse and moves the pointer one pixel every minute or so. I purchased one and have been using it all week - it's virtually eliminated the timeouts throughout the day. This option may not be for everyone, but it's been a good solution for me. Here is a link to the one I bought: https://www.amazon.com/CRU-30200-0100-0 ... ARZ35QHVNY


Thank you! This is really helfpul....I am going to give the jiggler a try. 10 minute timeouts are just not working for me.
 

#4
makbo  
Posts:
6840
Joined:
23-Apr-2014 3:44pm
Location:
In The Counting House
UltraTax always seems to be up to date with Security Summit recommendations, and I while I haven't timed it, I agree that the time out for UT is still more like 30 minutes, as it has been from the start, so Drake's contention is suspect.

Beware the Jiggler! (not to be confused with "The Tingler", which reference some of you will get). It is exactly this type of USB stick, masquerading as a mouse or keyboard, which can severely compromise your system by opening windows and clicking on things, just as if you were physically doing it.

The time-out is a security measure. If you circumvent it, you are lessening your security. It is akin to unplugging your smoke detectors.
 

#5
Frankly  
Moderator
Posts:
2448
Joined:
21-Apr-2014 9:08am
Location:
California
I asked Drake Support about the 10 minute timeout and they insist that the IRS mandates a 10/15 minute timeout period for this tax season.

Security Summit recommendations are not mandates.

Sometimes recommendations are mere fig leaves. When was the last time security was breached because a practitioner walked away from the computer for 10 (or 30) minutes and a hacker person jumped in and did a bad thing? Has that ever happened, even one time? Yet we get such ridiculous recommendations, mainly because they can't think of anything else that provides security while preserving functionality. They have to recommend something to preserve their jobs.
 

#6
novacpa  
Posts:
1225
Joined:
28-Apr-2014 1:16pm
Location:
McLean, Virginia 22101
Thanks - ordered 1 - 3 day delivery - eBay $17.
ATX has an extraordinary complicated password regimen - and changes it every 6-months - a real paid in the A$$.
 

#7
irc162  
Account Deactivated
Posts:
384
Joined:
5-Jan-2015 5:34pm
Frankly wrote:
I asked Drake Support about the 10 minute timeout and they insist that the IRS mandates a 10/15 minute timeout period for this tax season.

Security Summit recommendations are not mandates.

Sometimes recommendations are mere fig leaves. When was the last time security was breached because a practitioner walked away from the computer for 10 (or 30) minutes and a hacker person jumped in and did a bad thing? Has that ever happened, even one time? Yet we get such ridiculous recommendations, mainly because they can't think of anything else that provides security while preserving functionality. They have to recommend something to preserve their jobs.


I agree..... while I am on the phone with a client and not moving my mouse around within my tax software program---which usually triggers the 10 minute timeout---in order to "breach security", someone would need to break into my office by passing through locked doors and a security system, passing by a pissed off Border Collie who does not take kindly to intruders, and then knock me out out cold----since I would most likely be sitting in front the the computer.

Drake's use of a 10 minute timeout is troubling. Next year, they want us to use a system of MFA that centers around the use of Google Authenticator (which is not even used by Google's own employees) or another similar phone app. This will be the only option. Every time my computer logs me out, I will have to sign in and re-authenticate. I envision having to do this numerous times a day.

It is my understanding that some of other software companies---and IRS E Services----do MFA differently. They still offer the option of obtaining a security code via phone or text. With Lacerte (as I understand it), authentication is not required with each login . I get that this is less secure, but it is easier and less time consuming. I agree that MFA is necessary. But Drake needs to understand that there needs to be a balance between security and ease of use. Other software companies seem better able to grasp that while security is a concern, at least for some of us, our priority is to complete correct tax returns in a timely and efficent manner. Adding an hour or so to my working day (spent logging in and authenticating multiple times, as well as dealing with technical issues related to the MFA app) in the name of trying to out secure the IRS and other software companies does not endear me to Drake software. Drake needs to get its priorities straight. Low price and value are not synonymous. And yes, I know that this has turned into something of a rant....
 

#8
ATSMAN  
Posts:
2094
Joined:
31-May-2014 8:34pm
Location:
MA
I use Drake and I have just got used to moving the mouse while I am on the phone with an open return. I wish the time out was more like 30 minutes but I can live with it. I don't recommend using devices that can be a security hazard.

When I get locked out the password screen pops up and it takes 2 seconds to enter the password and hit Enter!
 

#9
irc162  
Account Deactivated
Posts:
384
Joined:
5-Jan-2015 5:34pm
I guess I am not the only one who had questions about Drake's use of a 10 minute timeout period. Earlier today, somoene else posted on the Drake forum saying that Drake Support told him a 10 minute timeout was mandatory. The poster felt this was not a truthful statement. Someone calling themselves an "adminstrator" confirmed that it was a requirement. A respondent then asked Drake to provide documentation on the 10 minute requirement. Other respondents commented on the issue and pointed out that other software companies used a longer timeout period. Since I was interested in this topic, I checked back this afternoon. The whole thread seems to be gone---just like it never was.
 

#10
makbo  
Posts:
6840
Joined:
23-Apr-2014 3:44pm
Location:
In The Counting House
I recall that Drake previously also imposed, on their own, an excess standard on efiling the "were you covered all year by health insurance" question on form 1040. It seems Drake has a history of making certain standards more stringent for their users than the system requires, and then refusing to acknowledge it. I wonder whatever in the world could be their motivation for this repeated behavior?
 

#11
irc162  
Account Deactivated
Posts:
384
Joined:
5-Jan-2015 5:34pm
So this morning, the original poster on the Drake Forum is back up asking why his oriiginal thread was pulled. Probably, that thread will disappear soon too. It is really too bad that Drake has choosen to take the low road on this. Instead of providing documentation or an explanation of their decision to provide a shorter timeout than ris equired by the IRS or the Security Summit guidelines, they decided to eliminate the post asking about this. The folks at Drake have a very thin skin.

I have been a Drake user for 6 years---for many of those years, running it side by side with Lacerte. Overall, I was pretty happy wiht the softrware. Its main benefit was that you could override just about anything. That made it a good fit for multi state trust returns with odd things on them. On Lacerte, a lot of time was spent trying to get the software to put the correct number on the correct line.

This year, Drake has changed. In my opinion, the quailty of the software has declined. This is not strictly related to all of the tax law changes going into effect this year. Some of the changes that Drake has made seem to me to indicate that the person or persons who are making strategic and programming decisions have very little experience in tax law and/or actually preparing returns. I guess Drake thinks that as long as the price remains steady, the quality of the product doesn't mmatter. With that kind of thinking, Drake may soon become the tax prep version of the Yugo.
 

#12
novacpa  
Posts:
1225
Joined:
28-Apr-2014 1:16pm
Location:
McLean, Virginia 22101
I got the "jiggler" works great - screen never goes down.
 

#13
makbo  
Posts:
6840
Joined:
23-Apr-2014 3:44pm
Location:
In The Counting House
novacpa wrote:I got the "jiggler" works great

... at decreasing your security. And if you ever have a security breach, be sure you let everyone know how you took steps to circumvent built-in security features in your software.
 

#14
Webster  
Posts:
317
Joined:
5-Nov-2015 5:05pm
Location:
On TPT, of course
Makbo, you have mentioned before that you have a software background. I do some VBA programming, and I can't stand unelegant solutions like that. Seems like such a hack if you compare it to properly programming something.

As far as the security, I would strongly recommend against this. I guess all the Drake groupies will have to talk to their ultra-responsive software provider. :lol: Reminds me of the CPE webinar I listened to today. It was rather worthless (you get what you pay for) but had an entertaining spot or two. A comment came in from a listener, "My software works great". I thought to myself, must be Drake. The presenter asked, and it was.
 

#15
Frankly  
Moderator
Posts:
2448
Joined:
21-Apr-2014 9:08am
Location:
California
I get a warm fuzzy feeling every time my software shuts off. It is so relieving knowing that I have been protected against the evil bad guys that hang around my desk just waiting for me to get sidetracked for a moment. Ah, the world is all wonderful now that we have automatic software shutdown. Protection from perceived evil is so wonderful.
 

#16
makbo  
Posts:
6840
Joined:
23-Apr-2014 3:44pm
Location:
In The Counting House
Frankly wrote:I get a warm fuzzy feeling every time my software shuts off. It is so relieving knowing that I have been protected [...] Protection from perceived evil is so wonderful.

Yes, just like when your smoke alarm goes off even though your residence is not on fire. You should unplug it, since it's not really protecting you by going off when there is no fire.

And as for "perceived evil", I believe it's pretty well documented that there is actual evil involving compromise of systems operated by legitimate tax preparers. There are even numbers showing that the amount of ID fraud has gone way down over the last few years, due to implementation of IRS Security Summit recommendations.
 

#17
Webster  
Posts:
317
Joined:
5-Nov-2015 5:05pm
Location:
On TPT, of course
So Frankly, should software not time out at all? Or after one hour? Do you see no security risk in keeping a tax program open 24/7?
 

#18
Frankly  
Moderator
Posts:
2448
Joined:
21-Apr-2014 9:08am
Location:
California
I might feel even more warm and fuzzy if someone, anyone, could describe a reasonable scenario whereby some evil bad guy could get the secret information from my computer except for being foiled by automatic shutoff. Just one example will do.
 

#19
Frankly  
Moderator
Posts:
2448
Joined:
21-Apr-2014 9:08am
Location:
California
Webster wrote: Do you see no security risk in keeping a tax program open 24/7?
There's a logical fallacy imbedded in that comment.

You come in to work, turn on the computer, work all day, and shut it off when you go home. There's no "security" in the software shutting down every ten minutes just "because". But, those that think this stuff up believe they have solved part of the ID theft problem. Now they can sleep better at night.
 

#20
makbo  
Posts:
6840
Joined:
23-Apr-2014 3:44pm
Location:
In The Counting House
A bad guy, unbeknownst to you, has remote access to your computer (there are dozens of such programs out there -- TeamViewer, GoToMyPC, VNC, etc). What they don't have is the password to your tax software. But, once you take off for the night, they can now access your tax software, without you observing their actions - in other words, undetected.

Of course, you are impervious to any such hack because you have other protections (that you have hopefully not circumvented) against unauthorized remote access, and you don't have any employees, but it could happen to someone else. Not all tax practices are like yours.


Should the software ignore the security needs of the 99% for the convenience of the 1%?
Last edited by makbo on 22-Feb-2019 8:08pm, edited 2 times in total.
 

Next

Return to Tax Prep: Important tips and advice



Who is online

Users browsing this forum: No registered users and 5 guests