Dear MYOB, Our own users are our weakest security link, since they have authorised access. Adequate password practice is to make passwords that are complex and more than 16 characters long. Forty characters is considered very good. Passwords could even contain emoji. However, several of my AccountRight users have stumbled at the very earliest stages of getting set up to use AccountRight because they could not form a password that satisfied MYOB password rules. Searching MYOB and the community forum for "password rules" turns up nothing relevant. Experimenting - which could also be called hacking - shows that MYOB will accept 8 character simple passwords. I don't know what the minimum might be. The thought that companies and individuals with serious amounts of money could use short and simple passwords alarms me. I accept that very long and complex passwords are difficult for users. Even so, could you please consider offering a Higher Security bunch of settings that would require such passwords?
... View more