Hi everyone, I’m updating this post (2:30pm AU 21/11/24), as there have been a lot of comments and engagement in the change. With over 100 comments on the post, we are starting to get the same q...
Updated 19 hours ago
Version 4.0
Blog Post
Good morning MickyH75 ,
MYOB is doing what we can to provide security improvements that prevent unauthorised access to our customers software.
We are also ensuring that we are meeting all of the ATO's compliance requirements and continue to apply best practice security process to all of our software.
We are making this change easier for our customers by introducing the ability to have multiple methods of 2FA, and I recommend that you head to myaccount.myob.com to set up a secondary 2FA method as soon as possible.
2FA has always existed with our software and we don't provide the ability for customers to choose how this operates so that all of our customers are secure and meeting regulatory compliance standards.
The short version of this change is that previously, you had the option to 'trust this device' for 30 days, but from the 30th, this will no longer be available and 2FA will be required at least once every 24 hours.
Can you link the "regulatory compliance standards" that require 2FA and the "the ATO's compliance requirements".
I suspect this is just waffle from MYOB to stop people looking further.
I certainly do not have any compunction to comply with the Australian Tax Office compliance in NZ and I find it hard to believe that they have legislated a requirement for MYOB to make sign on so laborious.
Hi CatFH
Here is the guideline from the ATO for all DSPs (Digital Service Providers)I definitely understand that as an NZ customer, it may be frustrating to be held to an Australian regulation, but we see security as essential for all of our customers, regardless of the country you are in.
I would argue that this part of the requirements is more applicable to MYOB
For those that wish to read the whole list of requirements I found them here:
https://softwaredevelopers.ato.gov.au/RequirementsforDSPs
Hi MikeG1 I could understand if this was rolled out just for the browser version but to make it for the desktop version as well seems over the top. We use SAP B1 for one of the companies in the group and it doesn't even use 2FA.
Hi MickyH75 , there are a couple of extra points I can clarify here.
Thanks for your questions, I will update our main post about this change as well.
2 key messages/updates:- 2FA is prompted on login to your account, and not for each file
So changing between your 21 files after you have signed in, will not prompt for any further 2FA verification - This is only for online files
The comms does mention AccountRight Desktop, but we neglected to be specific this is only for online, if you have using a local, offline, desktop file in AccountRight you may not be prompted for 2FA
MikeG1I assumed it would be for log in only but still painful and it seems I'm not the only one that finds this unnecessary based on the comments on one of the other threads. We use Desktop but our files are online as we operate across multiple sites in different states and it saves having to connect via vpn between sites.
- 2FA is prompted on login to your account, and not for each file
Why are you avoiding the multiple questions asking the the last used email address is remembered on the desktop version?
This changed about a year ago and drives us made having to type in the email address each time.
We use MYOB as a point of sale on 6 different computers. Now we will be having to waste several minutes multiple times a day with customers standing in front of us. You can be assured that we will let our customers know that MYOB is to blame the slow service.
Good morning perkyone , I have good news. Specifically for the inactivity timeout, the email for the user will be prefilled when signing back in.
Apologies that I previously said this was only for browser, it is for desktop only.
Your team will only need to enter their passwordHi,
Ok, i have read the articles regarding this new user unfriendly security. I do feel 20-30 minutes is extreme, also we have trade only Myob's at our retails stores which have no payroll and no access to the ATO. Period! they are only trade and the sales and purchases are exported and imported into the main Accounting Software are the end of each day. I tried to enter a new sales person last week and was not able to. I have to update the Trade Myob's to yes they have payroll which is not true to be able at add a sales person which is part of the process when entering a sale. We are multi company and i have at anytime up to 7 or 8 myob files open during a day. Only 3 of the Accounting company file run payroll.
THIS HAS NOT BEEN THROUGH OUT!!!!!!!!!!!!!! I love it when software/accountants who actually who make these rash decision do not have any experience at the cold face of business.
I will be looking into other software prior to the start of the next financial year.
Having a customer walk up to be served and kept standing there while sales personal need to log back into myob makes no sense, especially when these trade only myobs DO NOT HAVE THE PAYROLL FUNCTION OPERATING. This will effect up to 20 users at our company in any one day.
