You're barking up the wrong tree and 4 years late.

This is a requirement that came out of the IRS Security Summit back in 2016.  All tax software developers thereafter updated their products and made similar announcements to their subscribers.

https://www.irs.gov/newsroom/tax-professionals-protect-your-clients-protect-yourself-from-identity-t...

Yup, thank you.  It appears that we the customers do not have any control over the security of the programs.

Apparently IRS thought this was the case, so they mandated security be shoved upon us.

The *change* seems to run on a cycle, and it seems to be at least three months.  So manually change your password JUST before you get busy with filing season and you shouldn't have to change it during filing season.  Altho since it only takes seconds to change it, I haven't bothered to try my proposal as I don't find the process that onerous.

The fact that you have to enter the password multiple times when going thru the opening then updating of the program, and when opening multiple years is a bit obnoxious ( we were promised that wouldn't be the case).

What I notice though is that Intuit seems to have turned off those endless Captcha during the season but they came back with a vengeance right after that.  I now have to click through traffic lights, cars, buses, etc. multiple times before I could finally login most of the time.

Yuk... I haven't had to do that in a long time.  Now watch, I'll have to do it, multiple times, tomorrow at the office 🙂

Oops, I hope I didn't just jinx you. 😉

I wholeheartedly agree!! The captcha sequence is really frustrating, annoying, and time-consuming, especially during tax season.

The requirement to change passwords on a fairly frequent basis:

This is my basic methodology:

For example, for Quicken 2015:
Quicken requires one to set up an Intuit I.D. to use Quicken 2015 and Intuit also requires the same for
other Intuit products such as TurboTax, Quickbooks, ProSeries, etc.
Since I suffer from a short retention span, I’ve devised the following method which has served me well
over the years for all login, password sites. One starts with a login comprised simply of one’s full name in lower-case without periods. Example: For Mary Wana it would be marywana. For Jane Doe it would be janedoe, etc.

The password consists of a “universal” root, such as “123marywana” and an identifier for the particular
application (for Quicken 2015) “Quicken!”. So your password will read, “123marywanaQuicken!” This
will meet most password requirements of numbers, upper-case alpha, special characters, and minimum of 8 characters. Then for another site, my login would be “marywana” and password would be “123marywanaProseries!”

For frequently changed passwords, I simply add the password change date so that I can easily update for the next date change. Building on my previous example: “123marywanaProseries!” to update it I name it with the date of the current change, “123marywanaProseries! Oct 2020”, then three months later I would update it to “123marywanaProseries! Jan2021" and so forth.

I've found that even if I preempt the password change request and do it sooner, they still make me change it again on their schedule.