Blog Post
Hey sstteevvee
Having SMS as a 2FA method will be mandatory for all customers who use MYOB Business and Connected Ledger software. Customers on other software will be included soon, but can still take the steps to set up SMS 2FA now.
I quite understand what MYOB is doing, and the mandatory nature of it. This does not need to be explained repeatedly, and is the core part of the issue that some your users are trying to communicate to you on this forum.
You also ignored my question in your "reply", where I suggested a possible compromise/workaround to the issue.
Your staff are avoiding the queries regarding why MYOB is making a poor choice security-wise. MYOB has not once even acknowledged, let alone addressed, the honestly held concerns of the many people who are raising this issue.
Key points:
1) No 2FA is bad 👎 (we all agree on this)
2) SMS 2FA is ok-ish 🤷 (better than nothing)
3) Authenticator 2FA is best ✨ (industry best practice)
4) Authenticator or SMS is only as good as the weakest link, thus only ok-ish 🤷
4b) MYOB pretending otherwise undermines it even further, and quietly teaches bad habits and beliefs to users who aren't knowledgeable in this field 😡
Hey sstteevvee It would seem that on here they just don't want to acknowledge the poor choice at all. I'm also working on some other avenues of communication to try and get some understanding of what the thinking is here. I will post here if I get any feedback at all. But I 100% agree with your comment. It feels like we're going backwards here and MYOB just want to ignore it.
