Strong password requirements

At TaxDome, protecting your personal and financial information is our top priority. We work with accounting, tax, and bookkeeping professionals around the world—and we understand how important it is to keep client data secure.

Recently, you may have been asked to reset your password when logging into the TaxDome client portal. This is part of ongoing improvements we’re making to protect all users and accounts.

Stronger Password Standards

We’ve raised our password complexity requirements to meet the latest security best practices. If your current password doesn’t meet the new standards, you’ll be prompted to reset it.

To ensure your password is secure, it should include:

  • 12 or more characters
  • At least one uppercase letter
  • At least two numbers
  • At least two special characters (like !, $, %, etc.)

Weak example: Abc123
Strong example: T8r!Zk4$gN72#bl

Most browsers offer password generators, and we recommend using those or a trusted password manager to create a strong password.

Why Some Passwords Are No Longer Accepted

As part of our security protocols, we check passwords against a database of publicly exposed credentials to ensure they haven’t been used in known data leaks.

We use resources like Have I Been Pwned, a widely trusted site that tracks email addresses and passwords found in publicly available breaches from unrelated websites or services.

If your password is found on one of these lists, we block it—even if it’s still working—because reused or exposed passwords are more vulnerable to automated attacks. This helps prevent unauthorized access and ensures your account is better protected.

You can visit Have I Been Pwned at any time to check if your email address has been involved in a known data exposure.

Two-Factor Authentication (2FA)

Two-factor authentication (2FA) adds an extra layer of protection by requiring a code—typically sent to your phone or generated by an app—along with your password.

Some firms may require clients to use 2FA when accessing their portal. Even if it’s not mandatory for you, we strongly recommend enabling 2FA wherever possible. According to Microsoft, enabling 2FA blocks over 99.9% of automated account attacks, making it one of the most effective ways to protect your information—even if your password is compromised.

If you sign in to TaxDome using Google SSO, you're already protected by the 2FA settings on your Google account. This means you benefit from additional security without needing to enter separate codes when accessing TaxDome.

To enable 2FA in your TaxDome account, follow the steps outlined in our client help article: Two-Factor Authentication (2FA).

Our Ongoing Commitment to Security

TaxDome is SOC 2 Type II certified, which means our platform is regularly audited for security, availability, and data protection practices.

In addition to stronger passwords and 2FA, we continue to roll out updates that include:

  • Session resets as part of routine security improvements
  • Blocking passwords found in public data sources
  • CAPTCHA and rate-limiting protections
  • Partnering with Cloudflare for enterprise-grade network security

These are just a few of the ways we work behind the scenes to keep your information safe—and we’re always improving.

What You Can Do

  • Use a strong, unique password for your TaxDome account
  • Enable two-factor authentication wherever possible
  • Avoid reusing passwords across different sites
  • Be cautious with email links—log in through your firm’s official TaxDome portal
  • Use Have I Been Pwned to check if your email has appeared in past data exposures
  • If something doesn’t feel right, reach out to your firm or our support team

Thank you for using TaxDome. We’re proud to support your accounting team and committed to keeping your information secure every step of the way.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.