Onvio login security overview

Thomson Reuters is working in partnership with the IRS to meet requirements that help strengthen security for all tax-related software.

Security enhancements

  • Password strength: As defined by the IRS, a strong password contains a minimum of eight characters, with at least one uppercase letter, one lowercase letter, one number, and one special character. The IRS requires that passwords expire after no more than 90 days.
  • Timeout period: After 30 minutes of inactivity, Onvio will time out and you will be required to re-authenticate using your credentials — although access is suspended, the operation of the application is not, so processes such as long print jobs will continue during the timeout.
  • reCAPTCHA: This additional security feature helps verify that a human user, rather than a robot, is attempting to log in.
  • Multi-factor authentication: Thomson Reuters provides multi-factor authentication through the Thomson Reuters Authenticator app, the Thomson Reuters Authenticator card, and accepts TOTP-compliant third-party multi-factor authentication apps. See Determine which multi-factor authentication option is right for you to learn more about these options.

What is multi-factor authentication?

Many of your online accounts or software applications are currently protected by a login and password. That password is the single factor in the authentication process — the way that those applications or services confirm your identity. Unfortunately, passwords are easily stolen or hacked, which means that the accounts and data behind those passwords are at risk.

Multi-factor authentication adds at least one more layer of identity verification to that process so your protection against hacking and fraud attempts is stronger and more secure than a simple password. That additional factor can take many forms, such as a physical ID card, a digital confirmation code, or even your fingerprint. You're using multi-factor authentication every time you pay a transaction using a debit card or when you withdraw cash from an ATM: your PIN is one factor and the card itself is another.

The availability of some or all of these features depends on the applications your firm has licensed and the permissions your firm’s administrator has enabled for you.

Internal Employees: Submit HHTC feedback


Was this article helpful?