Blog Post
Hey cramptons
You will still be able to use email as an authentication method if you've set it up previously. This change means that users must have SMS as one of their 2FA methods.
Which, judging by a lot of the comments on here, most people don't want to be forced to use SMS. We certainly don't
PowerC Correct, especially because SMS is less secure than existing forms of 2FA (authentication apps). MYOB forcing this change is actually weakening the security chain for those who do use authentication apps.
This requirement is completely unworkable for our business.
It is not feasible for us to allocate a single, dedicated mobile number for account authorisation. If that individual is sick, unavailable, travelling overseas, or otherwise unreachable, we are effectively locked out of our own account. That creates an unacceptable operational and business continuity risk.
We need an authorisation method that supports multiple authorised users or provides a practical fallback option. Many businesses do not rely on a single person being available at all times, and this current setup does not reflect real-world business operations.
Hi IFMsolutions,
This setup aligns to how businesses typically operate day-to-day. In MYOB, 2FA is enabled per user, so each authorised person has their own login and sets up SMS 2FA on their own profile, rather than everyone having to depend on a single mobile number or individual. This helps keep access secure, visible and makes it easy to update user permissions as roles change.
