Blog Post
Thanks PalletcoSA , that appears to be a browser summary rather than direct messaging from the ATO
I was able to pull up the same summary and clicked on the references it has pulled to generate that information and it seems to come from their scam alerts page
This is in reference to SMS scams, rather than the use of SMS as a 2FA method
You can take a look at the page linked here and below.
https://www.ato.gov.au/online-services/scams-cyber-safety-and-identity-protection/scam-alerts
Thanks PalletcoSA , good find.
This article does highlight recommendations for businesses that are looking to implement security measures in their business.
As per your image, it does state that businesses 'may want to avoid' methods such as SMS.
But it would be misinformation to claim that "the ATO does not recommend SMS" as has been mentioned multiple times on the forum.
The good news is, that we have both provided links to information that the community can use to learn more (and I thank you for that)
Regards, MikeAs per my comment elsewhere in this thread, the ATO already recognize SMS as a weak form of 2FA, and it is misinformation to state otherwise.
As per your image, it does state that businesses 'may want to avoid' methods such as SMS.
But it would be misinformation to claim that "the ATO does not recommend SMS" as has been mentioned multiple times on the forum.Now why would the Australian Government Cyber Security state the business 'may want to avoid' a particular method? Because it actively weakens the accounts 2FA posture!
And with all due respect, I would trust the team & resources over at http://www.cyber.gov.au who are security professionals, over MYOB's take of "It'll be fine, trust us"
