Free Trial: TheSiteFactory.com

Tax Software Timeouts

Key tips and advice the working tax pro can use.
#1
irc162  
Posts:
266
Joined:
5-Jan-2015 5:34pm
Location:
Rogue Valley
With Drake software, the timeout period for a preparer with full rights is 10 minutes of inactivity in the tax program. For a preparer without full rights, its 15 minutes. This is proving to be a real annoyance. Tying to have a phone conversation with a client while accessing data from their return is difficult, particularly for clients that have a lot to say. (Hold that thought while I log into my software for the 3rd time). I have to remember to keep moving my mouse.

Last year, the timeout period was 20/25 minutes. That was workable. A colleague who uses Lacerte says her timeout period is still more like 20-25 minutes. Can anyone confirm that? If you use something other than Lacerte, what is the timeout period for your software?

I asked Drake Support about the 10 minute timeout and they insist that the IRS mandates a 10/15 minute timeout period for this tax season. They could not point to any documentation that support that (other than the 2016 Security Protocols which require timeouts but do not appear to specify a time period). Do you know of any?

Drake Support is always pleasant and answers the phone quickly, but I am wondering how they score on transparency.

I understand security is important. But, in my opinion, there needs to be a balance between security and usability.
 

#2
Andee  
Posts:
38
Joined:
25-Aug-2016 3:00pm
Location:
AL
Thomson Reuters (UT, File Cab etc) software has a 30 minute timeout. Other users reported that a "Jiggler" device can be used as a workaround to the 30 minute timeout. It's a USB device that acts as a mouse and moves the pointer one pixel every minute or so. I purchased one and have been using it all week - it's virtually eliminated the timeouts throughout the day. This option may not be for everyone, but it's been a good solution for me. Here is a link to the one I bought: https://www.amazon.com/CRU-30200-0100-0 ... ARZ35QHVNY
 

#3
irc162  
Posts:
266
Joined:
5-Jan-2015 5:34pm
Location:
Rogue Valley
Andee wrote:Thomson Reuters (UT, File Cab etc) software has a 30 minute timeout. Other users reported that a "Jiggler" device can be used as a workaround to the 30 minute timeout. It's a USB device that acts as a mouse and moves the pointer one pixel every minute or so. I purchased one and have been using it all week - it's virtually eliminated the timeouts throughout the day. This option may not be for everyone, but it's been a good solution for me. Here is a link to the one I bought: https://www.amazon.com/CRU-30200-0100-0 ... ARZ35QHVNY


Thank you! This is really helfpul....I am going to give the jiggler a try. 10 minute timeouts are just not working for me.
 

#4
makbo  
Posts:
6423
Joined:
23-Apr-2014 3:44pm
Location:
District 13
UltraTax always seems to be up to date with Security Summit recommendations, and I while I haven't timed it, I agree that the time out for UT is still more like 30 minutes, as it has been from the start, so Drake's contention is suspect.

Beware the Jiggler! (not to be confused with "The Tingler", which reference some of you will get). It is exactly this type of USB stick, masquerading as a mouse or keyboard, which can severely compromise your system by opening windows and clicking on things, just as if you were physically doing it.

The time-out is a security measure. If you circumvent it, you are lessening your security. It is akin to unplugging your smoke detectors.
 

#5
Frankly  
Moderator
Posts:
1830
Joined:
21-Apr-2014 9:08am
Location:
California
I asked Drake Support about the 10 minute timeout and they insist that the IRS mandates a 10/15 minute timeout period for this tax season.

Security Summit recommendations are not mandates.

Sometimes recommendations are mere fig leaves. When was the last time security was breached because a practitioner walked away from the computer for 10 (or 30) minutes and a hacker person jumped in and did a bad thing? Has that ever happened, even one time? Yet we get such ridiculous recommendations, mainly because they can't think of anything else that provides security while preserving functionality. They have to recommend something to preserve their jobs.
 

#6
novacpa  
Posts:
297
Joined:
28-Apr-2014 1:16pm
Location:
Arlington, Virginia
Thanks - ordered 1 - 3 day delivery - eBay $17.
ATX has an extraordinary complicated password regimen - and changes it every 6-months - a real paid in the A$$.
 

#7
irc162  
Posts:
266
Joined:
5-Jan-2015 5:34pm
Location:
Rogue Valley
Frankly wrote:
I asked Drake Support about the 10 minute timeout and they insist that the IRS mandates a 10/15 minute timeout period for this tax season.

Security Summit recommendations are not mandates.

Sometimes recommendations are mere fig leaves. When was the last time security was breached because a practitioner walked away from the computer for 10 (or 30) minutes and a hacker person jumped in and did a bad thing? Has that ever happened, even one time? Yet we get such ridiculous recommendations, mainly because they can't think of anything else that provides security while preserving functionality. They have to recommend something to preserve their jobs.


I agree..... while I am on the phone with a client and not moving my mouse around within my tax software program---which usually triggers the 10 minute timeout---in order to "breach security", someone would need to break into my office by passing through locked doors and a security system, passing by a pissed off Border Collie who does not take kindly to intruders, and then knock me out out cold----since I would most likely be sitting in front the the computer.

Drake's use of a 10 minute timeout is troubling. Next year, they want us to use a system of MFA that centers around the use of Google Authenticator (which is not even used by Google's own employees) or another similar phone app. This will be the only option. Every time my computer logs me out, I will have to sign in and re-authenticate. I envision having to do this numerous times a day.

It is my understanding that some of other software companies---and IRS E Services----do MFA differently. They still offer the option of obtaining a security code via phone or text. With Lacerte (as I understand it), authentication is not required with each login . I get that this is less secure, but it is easier and less time consuming. I agree that MFA is necessary. But Drake needs to understand that there needs to be a balance between security and ease of use. Other software companies seem better able to grasp that while security is a concern, at least for some of us, our priority is to complete correct tax returns in a timely and efficent manner. Adding an hour or so to my working day (spent logging in and authenticating multiple times, as well as dealing with technical issues related to the MFA app) in the name of trying to out secure the IRS and other software companies does not endear me to Drake software. Drake needs to get its priorities straight. Low price and value are not synonymous. And yes, I know that this has turned into something of a rant....
 

#8
ATSMAN  
Posts:
1222
Joined:
31-May-2014 8:34pm
Location:
MA
I use Drake and I have just got used to moving the mouse while I am on the phone with an open return. I wish the time out was more like 30 minutes but I can live with it. I don't recommend using devices that can be a security hazard.

When I get locked out the password screen pops up and it takes 2 seconds to enter the password and hit Enter!
 

#9
irc162  
Posts:
266
Joined:
5-Jan-2015 5:34pm
Location:
Rogue Valley
I guess I am not the only one who had questions about Drake's use of a 10 minute timeout period. Earlier today, somoene else posted on the Drake forum saying that Drake Support told him a 10 minute timeout was mandatory. The poster felt this was not a truthful statement. Someone calling themselves an "adminstrator" confirmed that it was a requirement. A respondent then asked Drake to provide documentation on the 10 minute requirement. Other respondents commented on the issue and pointed out that other software companies used a longer timeout period. Since I was interested in this topic, I checked back this afternoon. The whole thread seems to be gone---just like it never was.
 

#10
makbo  
Posts:
6423
Joined:
23-Apr-2014 3:44pm
Location:
District 13
I recall that Drake previously also imposed, on their own, an excess standard on efiling the "were you covered all year by health insurance" question on form 1040. It seems Drake has a history of making certain standards more stringent for their users than the system requires, and then refusing to acknowledge it. I wonder whatever in the world could be their motivation for this repeated behavior?
 

#11
irc162  
Posts:
266
Joined:
5-Jan-2015 5:34pm
Location:
Rogue Valley
So this morning, the original poster on the Drake Forum is back up asking why his oriiginal thread was pulled. Probably, that thread will disappear soon too. It is really too bad that Drake has choosen to take the low road on this. Instead of providing documentation or an explanation of their decision to provide a shorter timeout than ris equired by the IRS or the Security Summit guidelines, they decided to eliminate the post asking about this. The folks at Drake have a very thin skin.

I have been a Drake user for 6 years---for many of those years, running it side by side with Lacerte. Overall, I was pretty happy wiht the softrware. Its main benefit was that you could override just about anything. That made it a good fit for multi state trust returns with odd things on them. On Lacerte, a lot of time was spent trying to get the software to put the correct number on the correct line.

This year, Drake has changed. In my opinion, the quailty of the software has declined. This is not strictly related to all of the tax law changes going into effect this year. Some of the changes that Drake has made seem to me to indicate that the person or persons who are making strategic and programming decisions have very little experience in tax law and/or actually preparing returns. I guess Drake thinks that as long as the price remains steady, the quality of the product doesn't mmatter. With that kind of thinking, Drake may soon become the tax prep version of the Yugo.
 

#12
novacpa  
Posts:
297
Joined:
28-Apr-2014 1:16pm
Location:
Arlington, Virginia
I got the "jiggler" works great - screen never goes down.
 

#13
makbo  
Posts:
6423
Joined:
23-Apr-2014 3:44pm
Location:
District 13
novacpa wrote:I got the "jiggler" works great

... at decreasing your security. And if you ever have a security breach, be sure you let everyone know how you took steps to circumvent built-in security features in your software.
 

#14
Webster  
Posts:
90
Joined:
5-Nov-2015 5:05pm
Location:
On TPT, of course
Makbo, you have mentioned before that you have a software background. I do some VBA programming, and I can't stand unelegant solutions like that. Seems like such a hack if you compare it to properly programming something.

As far as the security, I would strongly recommend against this. I guess all the Drake groupies will have to talk to their ultra-responsive software provider. :lol: Reminds me of the CPE webinar I listened to today. It was rather worthless (you get what you pay for) but had an entertaining spot or two. A comment came in from a listener, "My software works great". I thought to myself, must be Drake. The presenter asked, and it was.
 

#15
Frankly  
Moderator
Posts:
1830
Joined:
21-Apr-2014 9:08am
Location:
California
I get a warm fuzzy feeling every time my software shuts off. It is so relieving knowing that I have been protected against the evil bad guys that hang around my desk just waiting for me to get sidetracked for a moment. Ah, the world is all wonderful now that we have automatic software shutdown. Protection from perceived evil is so wonderful.
 

#16
makbo  
Posts:
6423
Joined:
23-Apr-2014 3:44pm
Location:
District 13
Frankly wrote:I get a warm fuzzy feeling every time my software shuts off. It is so relieving knowing that I have been protected [...] Protection from perceived evil is so wonderful.

Yes, just like when your smoke alarm goes off even though your residence is not on fire. You should unplug it, since it's not really protecting you by going off when there is no fire.

And as for "perceived evil", I believe it's pretty well documented that there is actual evil involving compromise of systems operated by legitimate tax preparers. There are even numbers showing that the amount of ID fraud has gone way down over the last few years, due to implementation of IRS Security Summit recommendations.
 

#17
Webster  
Posts:
90
Joined:
5-Nov-2015 5:05pm
Location:
On TPT, of course
So Frankly, should software not time out at all? Or after one hour? Do you see no security risk in keeping a tax program open 24/7?
 

#18
Frankly  
Moderator
Posts:
1830
Joined:
21-Apr-2014 9:08am
Location:
California
I might feel even more warm and fuzzy if someone, anyone, could describe a reasonable scenario whereby some evil bad guy could get the secret information from my computer except for being foiled by automatic shutoff. Just one example will do.
 

#19
Frankly  
Moderator
Posts:
1830
Joined:
21-Apr-2014 9:08am
Location:
California
Webster wrote: Do you see no security risk in keeping a tax program open 24/7?
There's a logical fallacy imbedded in that comment.

You come in to work, turn on the computer, work all day, and shut it off when you go home. There's no "security" in the software shutting down every ten minutes just "because". But, those that think this stuff up believe they have solved part of the ID theft problem. Now they can sleep better at night.
 

#20
makbo  
Posts:
6423
Joined:
23-Apr-2014 3:44pm
Location:
District 13
A bad guy, unbeknownst to you, has remote access to your computer (there are dozens of such programs out there -- TeamViewer, GoToMyPC, VNC, etc). What they don't have is the password to your tax software. But, once you take off for the night, they can now access your tax software, without you observing their actions - in other words, undetected.

Of course, you are impervious to any such hack because you have other protections (that you have hopefully not circumvented) against unauthorized remote access, and you don't have any employees, but it could happen to someone else. Not all tax practices are like yours.


Should the software ignore the security needs of the 99% for the convenience of the 1%?
Last edited by makbo on 22-Feb-2019 8:08pm, edited 2 times in total.
 

#21
irc162  
Posts:
266
Joined:
5-Jan-2015 5:34pm
Location:
Rogue Valley
Webster wrote:So Frankly, should software not time out at all? Or after one hour? Do you see no security risk in keeping a tax program open 24/7?


The point is that there needs to be a balance between security and usability. Many software packages time out after 20-30 minutes. That seems reasonbable. Drake is timing out after 10 minutes. I don't think the additional security provided by a 10 minute time out vs. a 25 minute timeout adequately offsets the increased hassle.
 

#22
Webster  
Posts:
90
Joined:
5-Nov-2015 5:05pm
Location:
On TPT, of course
I agree 10 minutes seems like a short time. My question was wondering what Frankly was thinking.
 

#23
makbo  
Posts:
6423
Joined:
23-Apr-2014 3:44pm
Location:
District 13
Frankly wrote:You come in to work, turn on the computer, work all day, and shut it off when you go home.

Ha ha -- I recall you hate Windows, but I have to admit, Windows 10 will sometimes restart your computer even if you have turned it off, for example to install an update requiring restart (reboot). I have taken to not only hibernating, but physically unplugging the power cord to my desktop computer when I quit for the night.

Unfortunately, notebook computers with batteries have no such option. I have given up being annoyed at my "slop" computer (the one at the kitchen table where I never log in to anything, and have NoScript installed for my browser) starting up on its own in the middle of the night, because at least it's installing an update, and if it screws up, very little is at risk.

Don't underestimate the cleverness of hackers, some of whom are not actually evil. They can monitor your ambient noises (such as keyboard clicks) and analyze them with AI, and I hear it is impossible these days to buy a TV without a microphone. I highly recommend subscribing to Crypto-Gram by a very erudite and respected security researcher, it is an eye-opener to read a fairly believable source about what businesses and governments are doing in this arena.

Here are some recent blog posts:

Alex Stamos on Content Moderation and Security
El Chapo's Encryption Defeated by Turning His IT Consultant
Prices for Zero-Day Exploits Are Rising
Clever Smartphone Malware Concealment Technique
Military Carrier Pigeons in the Era of Electronic Warfare
Japanese Government Will Hack Citizens' IoT Devices
iPhone FaceTime Vulnerability
Security Analysis of the LIFX Smart Light Bulb
Security Flaws in Children's Smart Watches
Facebook's New Privacy Hires
Using Gmail "Dot Addresses" to Commit Fraud
 

#24
makbo  
Posts:
6423
Joined:
23-Apr-2014 3:44pm
Location:
District 13
irc162 wrote: Many software packages time out after 20-30 minutes. That seems reasonbable. Drake is timing out after 10 minutes. I don't think the additional security provided by a 10 minute time out vs. a 25 minute timeout adequately offsets the increased hassle.

See post #10.
 

#25
Webster  
Posts:
90
Joined:
5-Nov-2015 5:05pm
Location:
On TPT, of course
And that is why I suggest that Drake's users talk to Drake as you suggested.

As far as Frankly turning his computer off, I am glad he does. But, I have worked with someone who found turning his computer on a bother, so it would be on for several weeks until it became sluggish enough he would reboot. Because the proprietor would turn the computer off if he saw it on after hours, this coworker started turning his monitors off. :roll:
 

#26
irc162  
Posts:
266
Joined:
5-Jan-2015 5:34pm
Location:
Rogue Valley
Webster wrote:And that is why I suggest that Drake's users talk to Drake as you suggested.:


Which brings us back to the reason for my original post. I did talk to Drake. They swore left right and sideways that a 10 minute timeout was mandated by the IRS. I gave them the benefit of the doubt. I put it to the forum. If there was documentation for a 10 minute timeout requirement, someone here would know about it. They don’t. Most software companies are using a longer timeout.

Other Drake users were given the same info as I was. A post on the Drake forum questioning their position on the 10 minute timeout was taken down.

It appears ( as Makbo suggested) that Drake has their own agenda---whatever that is. It’s not just the timeouts. Drake also made some questionable decisions regarding their approach to MFA. They are going in a different direction from the other software providers. It’s a direction that is likely to create multiple problems for its users (as evidenced by the problems cited on the Drake forum by users who tried to implement Drake’s version of MFA this year).

If Drake thinks it's approach to timeouts and MFA is somehow superior to what is being used by other companies, why don't they own it? Is this lack of transparency a symptom of larger problems at Drake?
Last edited by irc162 on 23-Feb-2019 9:27am, edited 1 time in total.
 

#27
Frankly  
Moderator
Posts:
1830
Joined:
21-Apr-2014 9:08am
Location:
California
If the problem is bad remote access software the solution is to fix the remote access software, or not install it in the first place.
If the problem is Windows waking up and doing updates and other bad stuff, the solution is to shut it down - takes all of three clicks and 5 seconds once per day.

The "solution" of turning off the tax software after 10 minutes or 30 minutes doesn't fix anything. It's merely a fig leaf and is simple for the tax software folks to implement. They've successfully inconvenienced 100% of users for the sake of a remote possibility of a bad guy doing a bad thing in this manner.

Meanwhile I can't remember my very secure 12 character password of random letters, numbers, and symbols. The solution to that is to paste it in a txt file on the desktop so I can easily use it multiple times per day. It's wonderful to feel safe.
 

#28
makbo  
Posts:
6423
Joined:
23-Apr-2014 3:44pm
Location:
District 13
Military Carrier Pigeons in the Era of Electronic Warfare

Darn, I thought at least one of our old-timers here would pick up on this! :D

disclaimer: I do not discriminate on account of age, I'm getting older myself, dontcha know.
 

#29
novacpa  
Posts:
297
Joined:
28-Apr-2014 1:16pm
Location:
Arlington, Virginia
makbo wrote:
novacpa wrote:I got the "jiggler" works great

... at decreasing your security. And if you ever have a security breach, be sure you let everyone know how you took steps to circumvent built-in security features in your software.


Nonsense - malbo - the Jiggler plugs into the usb port, keeps the open window - open, all others time out.
Pull out the "Jiggler"- and the "timeouts" are engaged, and resume - no security forfeited, at all.
As paranoid as you are about creatures invading your laptop in the wee-hours of the night - you may well want to Petition President Trump - to "Build a Wall" around your place, and make Jerry Brown "pay for it".
 

#30
Posts:
290
Joined:
2-Jun-2014 11:11am
Location:
Long Island, NY
I purchased the jiggler after reading this thread. Just tested it while out to lunch and it didn't stop the programs shut down.
 

#31
novacpa  
Posts:
297
Joined:
28-Apr-2014 1:16pm
Location:
Arlington, Virginia
Jiggler - keeps one window open, if your tax program is "minimized" it will time-out.
 

#32
Posts:
290
Joined:
2-Jun-2014 11:11am
Location:
Long Island, NY
ahh thanks for that, thats why it worked the first day and then didn't but now when i plug it in i get an "unrecognized device" so perhaps i also just got a defective one.
 

#33
makbo  
Posts:
6423
Joined:
23-Apr-2014 3:44pm
Location:
District 13
The tingler - "a parasitic creature that grows when fear grips its host. " Yup, sounds right
 

#34
Posts:
69
Joined:
5-Feb-2015 9:28am
Location:
TimBuckTwo
Free utility called "Mouse Move" is your friend. They do ask for donations, but not necessary. Google it !!
 

#35
irc162  
Posts:
266
Joined:
5-Jan-2015 5:34pm
Location:
Rogue Valley
I have been using the mouse jiggler for about a month and it works great. If only it coulde be programmed to give my office mate's tennis ball a toss now and again it would be just about perfect.
 

#36
novacpa  
Posts:
297
Joined:
28-Apr-2014 1:16pm
Location:
Arlington, Virginia
makbo wrote:The tingler - "a parasitic creature that grows when fear grips its host. " Yup, sounds right
:lol:

It's jiggler not tingler - you won't find it in an Oakland adult store.
 


Return to Tax Prep: Important tips and advice



Who is online

Users browsing this forum: No registered users and 2 guests