Better account security with two-factor authentication

MYOB Staff Post Erik_V
22 Posts
MYOB Staff Post

Two-factor authentication is an easy, practical way to increase security for you and your online data. Here’s how it works and what it means for your business.

 

What is two-factor authentication?

Two-factor authentication (2FA) is a secure sign in process that combines something you know (your password) with something you have (your mobile phone) to ensure that you - and only you - can access your account.

 

Check out this short video for an overview of MYOB’s two-factor authentication.

 

Why do I need 2FA?

Usernames and passwords can be stolen by phishing scams or other online security breaches. Securing your account with just your login details may not be enough to protect the sensitive, valuable information in your Essentials business.

 

But why risk it? With 2FA enabled, your entire login process is only seconds longer - but exceptionally more secure.

 

Sounds great! How can I get 2FA on my account?

When 2FA becomes available for your account, you’ll be prompted to set it up when you next sign in. If you missed the prompt, don't worry! You can turn on 2FA from the Security Centre at any time. Click here to access your Security Centre.

 

Turn on 2FA from your Security Centre.Turn on 2FA from your Security Centre.

Haven’t been prompted yet, and don't see the 2FA option in your Security Centre?

We're rolling out 2FA to every MYOB account over the next few weeks. Want to jump the queue? Fill out this form to get set up sooner.

 

Where can I find more information?

For more information on what this means to your business or accounting practice, start by reading more about MYOB’s 2FA in this post on The pulse blog: The cheat’s guide to two-factor authentication

 

For more information about turning on, signing into, or managing your 2FA, check out the two-factor authentication online help.

6 Comments
Experienced Cover User gcdjrl
21 Posts
Experienced Cover User

I dont want to use two-factor authentication at all EVER.  Please tell me how to disable the messaage I get every time I log in.  

MYOB Moderator Neil_M
5,061 Posts
MYOB Moderator

Hi @gcdjrl

 

Thank you for your question.

 

We do recommend turning on the two-factor authentication to keep your online file as secure as possible. If you would like to the two-factor authentication off however, then I recommend you have a look at our help article Turning off two-factor authentication. This article does step you through how to disable this additional security measure.

 

Please note that to disable two-factor authentication you do need to have set it up initially to be able to disable it. Once disabled however then there shouldn’t be any further prompts for the two-factor authentication.

 

Regards

Neil

shortred
3 Posts
Cover User

MYOB mods,

 

Before you dismiss such requests, please understand that there are many places in a country as wide as Australia where MOBILE SIGNAL DOES NOT WORK.

 

Apologies for 'shouting' but MYOB, ATO, banks and many other large, city based organisations need to recognise that the technology being foisted upon your members is disenfranchising the most remote and unsupported users. I live in an area with minimal and highly unreliable mobile service, landlines which won't hold dial up much less DSL, and even TV signal which doesn't work if the wind blows from the wrong direction too strongly. All this, and less than 200km from MYOB 's Burwood office. Internet is only possible since the launch of the most recent satellite (hallelujah!).

 

This has caused me to restrict my choice of financial institutions because I can't make payments when I can't receive the SMS code. Please note that, and recognise that I and others will be forced to cease using and recommending MYOB products should this trend become entrenched. Find another way that doesn't rely on third party services which are not universal.

 

 

MYOB Moderator Steven_M
19,798 Posts
MYOB Moderator

Hi @shortred

 

Thank you for your feedback in regards to MYOB Essentials.

 

Most organisations, such as MYOB, use a mobile based system by the means of identifying users and/or approving functions. This is a common based security measure used in today's society.

 

In terms of two-factor authentication, while we would encourage you to use two-factor authentication, there are circumstances when enabling that may not be the most suitable option such as having poor mobile coverage. As such the system has been designed to be an optional feature, at this point in time. You are welcome to disable that option if enabled as per Help Article Turning off two-factor authentication.

shortred
3 Posts
Cover User
Steven, 
 
In fact, that is not correct. It is not MOST organisations who use mobile based systems - many use authentication devices, government systems (presently) use AUSKEY. There ARE other choices. Your response gives absolutely no confidence that MYOB is concerned about this disenfranchisement of part of your customer base or that any other alternatives are being considered. Further, you note 'an optional feature, at this point in time' which gives clear warning that MYOB intends mandating this method, a method of delivery which is third party, not universally available and subject to changes outside of MYOB's control.
 
Neil's advice that you must enable two factor authentication in order to disable it boggles the mind.  How can I disable it If I can't receive the SMS to enable it? It is worth mentioning that the page 'setting up Two Factor Authentication' says to make certain your phone is near - but does not mention to ensure it has service.
 
I can only say again - please don't implement systems which are unachievable to parts of your customer base. Or at least have the fortitude to say so directly.
 
 
MYOB Moderator Steven_M
19,798 Posts
MYOB Moderator

Hi @shortred

 

Thanks for the additional feedback

Based on my personal experience, the general shift is to move to user authentication through mobile devices. However, as you have mentioned, there are other methods of authentication such as through email verification or through another reference code such as AUSkeys. MYOB uses authentication through mobile devices as it combines something you know (your password) with something you have (your mobile phone).

 

My comment referring to it being an optional feature was to merely indicate that current two-factor authentication is not a mandatory feature. To my knowledge, we don't have any immediate plans to enforce two-factor authentication on users.

 

I assume @Neil_M was referring to the initial prompt that does appear notify clients about two-factor authentication. When you do sign into your my.MYOB account login you will be greeted with a prompt notifying you that two-factor authentication existing and would you like to use it. There is the option to select Remember me later/Not now, that prompt will appear again after a number of days to alert you to the fact. If you have the prompt and wish for it to go away or have enabled it and wish to turn it off you would be looking at that Help Article linked.


Edit: MYOB uses an authenticator app instead of SMS because authenticator apps can generate a 2FA verification code without mobile network coverage, so you can access your MYOB account anywhere, anytime. Google 
Authenticator doesn't require a fixed mobile network coverage i.e. the phone can be in flight mode.