I get the impression from some of the posts here that two-step verification, requiring a code to be sent by phone every time the program is opened, is a default from which some users don't know how to opt out. 

Yesterday I had to open the 2017 program.  When I was forced to change my current password, it also automatically changed for the 2019 program.  But 2017 still uses the password from back then.  Of course I don't remember it but the program stored a hint that I had entered.  So I got into 2017, but then I think I also had to use the current password.  The program worked fine but it wouldn't print on my current printer, even though I changed the setting.  But it did save a pdf, which I then could print.  

I worry more about a smash-and-grab thief taking the whole computer from my office in the five minutes before police respond to an alarm.  It's easy enough to decode the encrypted files, once you have the machine.  The real concerns are how much security Intuit has for its servers, and whether IRS has any more security than the other federal government agencies that have been hacked.