How is everyone finding this extra layer of CRA security? I understand its use but we are finding it a bit painful right now and expectations are that it will only get worse as we get busier. During tax time, we access RAC very often and at different work stations…it will be difficult to monitor all “one-time passcodes” coming in and assign them correctly as per each RAC access demands.
Is it live now, I did not have this issue yesterday.
I was in this morning and it didn’t ask me for anything like that. What is it doing?
I was just in RAC site, no MFA challenge.
So is CRA just picking on me:-(
Multi-factor authentication to access CRA login services - Canada.ca
Maybe you can opt out of it. It sounds like you have to sign up in the first place which might be why the rest of us haven’t seen it yet. Or maybe we will shortly…
My understanding is the MFA is being rolled out over the next few months such that by mid summer all Individuals and Representatives will be required to use Multi Factor Authentication. At this stage I don’t think there will be any opting out.
1 Like
When I went through the process with CRA yesterday to get my account unlocked, part of the process was to set up MFA. How will it work when I use AFR for a T1? Yesterday, I e-filed 2 T2’s with no extra steps. Guess I’ll wait and see. I can see this being a real problem for a multi-person office.
@jhd.hemeon …the exact same thing happened to me…locked out - finally received letter - called to get unlocked - regained access…but the next day when we went back in we were faced with the MFA process. …and yes it a real problem.
So today, I finally bit the bullit and decided to do the RAC survey hoping for a chance to express my discontent…luckily there’s a space at the end for comments…here’s what I sent them :
EXTREMELLY DISSAPOINTED IN THE MULTI FACTOR AUTHENTICATION PROCESS. I HAVE A TAX OFFICE AND ONLY TODAY I’VE HAD TO ACCESS CLIENT FILES 5 TIMES…AND WE’RE NOT EVEN IN TAX TIME…IT IS NOT ACCEPTABLE TO HAVE TO WAIT FOR A CALL OR A TEXT EVERYTIME I NEED TO ACCESS “RAC”…WILL EVEN BE WORSE WHEN IT’S FULL TAX TIME AND WE’RE MORE THAT ONE TRING TO LOGIN. WILL BE VERY CONFUSING TO TRACK WHICH “ONE TIME PASSCODE” BELONGS TO WHOM.
I WOULD APPRECIATE A CALL BACK TO DISCUSS HOW I CAN REMOVE THIS PROCEDURE BECAUSE WE’RE BUSY ENOUGH THAT WE DON’T NEED THIS EXTRA LAYER OF STRESS.
1 Like
For the record: although CRA calls it “Multi-Factor Authentication” it is NOT true MFA. It is known in the business as “two-step authentication”. Why? Because it is NOT based on something you have other than a cell phone, which is easily spoofed with a Sim Swap.
True MFA comes from using a separate authenticator process like a Yubikey or an Authenticator App or token.
This is simply “security theatre” on CRA’s part and is virtually useless.
2 Likes
I got the impression that you could use either an Authentication App or the code to your cell phone.
If so, that would be excellent! (I’m not really holding my breath, given their track record though…)
CRA has advised the EAC that, due to concerns we raised with them, the rollout of the MFA system has been postponed until it has been re-tooled, and is not likely to be rolled out for this tax season.
The CRA indicated they will send out a lyris message next week with details on the postponed rollout of the MFA.
From an email from Steve Watson of the EAC.
1 Like
Maybe that explains why my account was locked today and I had to reset my password with no MFA question?
The EAC is suggesting that a MFA code should perhaps be good for a longer period, to cover an 8 hour day. Watson is offering them suggestions based on what the membership is asking for. The EAC is probably a good association for most of us to belong to. They seem to accomplish things.
Great, just great! Locked out again. Error 021. Called and there’s no room in the que. Call back later. Just peachy. Their so-called MFA was poorly thought out from the get go. For myself, it wasn’t too bad. But what happens when you have more than one person in your office? How do you get the code? And, as has already been pointed out, this is not MFA, but two factor authentication. They’re not the same thing. This is going to be a long, tedious 3-5 months. Probably just as well to go outside and wait to freeze to death. Or, wait for the coyotes.
Feeling sorry for those with RAC issues. 
So far, I’ve had no change with sign-in process or access to clients’ files. Neither any mention of MFA or 2FA. Business as usual… or maybe CRA just likes me… 
You would be well advised to check with local, provincial and federal “Wildlife protection regulations” before you undertake any interaction. 
Interesting, I just needed to click forgot password, enter my username, answer my four security questions and reset my passsword. No phone call required.
Were you already set up with MFA? I think that’s my problem. I’m set up for a system that CRA have eliminated. I’ve managed to get through twice today. First call, I was on hold about 2.5hrs, then got disconnected. Second time was 3 hrs and a message camt through “due to a technical problem, we cannot connect you to an agent. Call back later. Goodbye.” When they locked my account in January due to a possible data breach, I had no choice but to set up MFA. And now it’s come back to bite me. I’m rethinking letting the coyotes kill me. Maybe walk down to the beach and take a short walk into the Atlantic.
No, no, @jhd.hemeon, I would not advise such drastic action! I suppose you must be a little closer to the Atlantic than I am - I wouldn’t live to walk into the Atlantic. Try at 9am EST or 4:50 pm - before you take an other action. This too, shall pass - long before tax season is over. @joe.justjoe1 always has the right answer; perhaps he could help.