Blog Post

MYOB Announcements
2 MIN READ

Secure your account with SMS two-factor authentication (2FA)

Mike_MYOB's avatar
Mike_MYOB
Community Manager
6 months ago

Hi everyone, 

We’re introducing an important security update to your MYOB login.

Data security is our top priority. To add an additional layer of security and help protect your account, we’ll soon require SMS to be set up as one of your 2FA methods.

 

Having SMS as a 2FA method will be mandatory for all customers who use MYOB Business and Connected Ledger software*.
We are communicating this change to our customers in smaller groups. The first group will be receiving an email and in product message on the 18th of August and will then have 30 days to set up SMS as a 2FA method.
*Remaining customers on other software will be included soon, but can absolutely still take these steps to set up SMS 2FA now.

 

What do I need to do?

For a smooth login experience, please ensure you have an up-to-date mobile number on your account and have SMS selected as an authentication method. 

You don’t need to wait for the email and in product message, you can get this set up now!

Follow the instructions below.

 

How to enable SMS two-factor authentication 

  • Log into My Account at https://myaccount.myob.com 
  • Click your username in the top-right corner and choose Account security. 
  • Under Authentication, click the Add (>) button next to SMS and follow the instructions. 

Customers in Australia can find more detailed instructions here
Customers in New Zealand can find more detailed instructions here.


Want more info? Here are some frequently asked questions.

  • How does SMS 2FA work?

    Enabling SMS 2FA lets us send a one-time code to your mobile phone via text message when you log in. This extra step helps keep your account secure by making sure it’s really you trying to sign in, even if someone else knows your password. 

 

  • Already have SMS 2FA? 

    We recommend setting up an additional method like an Authenticator app.  That way, if you lose access to your main 2FA method, you can still log in without needing to contact MYOB.

Learn more about logging in and two-factor authentication. 

 

What happens if you don’t set up SMS 2FA by the  due date? 


To keep your account secure, we strongly encourage you to set up SMS two-factor authentication (2FA) now. It should only take a couple of minutes. 

If it’s not set up before the due date for your cohort, your account will be locked and you won’t be able to access your files until SMS 2FA has been enabled.  

Published 6 months ago
Version 1.0
announcements

91 Comments

Show More
  • shortred's avatar
    shortred
    Trusted Cover User
    1 month ago

    Adding my voice to this - totally agree about SMS being a VERY insecure method.

    However does MYOB in its lovely urban office consider that not everyone even has access to mobile phone signal, or that mobile phone signal is not exactly reliable the further from urban centres you go?

     

    Reasons why mobile signal is not sufficiently reliable include:

    It does not go everywhere. Extreme rural areas or areas with challenging geography (hills!) impact signal reception. Actually, this one doesn't even have to be rural or remote - there are plenty of places in metropolitan industrial areas where mobile phone signal isn't reliable, although for those, it's generally a matter of walking a few metres. Not so much for us outside the metro area - I have to drive to the top of a nearby hill to get SMS at a couple of workplaces.

     

    Mobile phone towers have AT BEST a battery life of 6 hours. Multi-day power outages are becoming almost commonplace only a couple of hours from Melbourne. We survive with generators and Starlink, because we can be without power AND mobile phone signal for days. At the moment, that's okay because I can get online to work - but I can't get an SMS code in some places, even to do banking. Paying even wages on time has only been possible because a bank signatory was in Melbourne - what if that client had no extra signatory? Many small businesses are sole operators or partnerships without someone geographically distant not experiencing the same natural disaster. 

     

    In holiday areas in particular but generally speaking out here where this is no service overlap between towers, peak periods can result in badly disrupted mobile availability. Telstra can and does adjust the power output from the towers during peak periods, which can have peculiar local results. it is not unusual to have no or very poor reception during those peak holiday periods if you are just outside the tourist area. SMS can take a lot long to arrive if they arrive at all, which results in the requesting application timing out. Then the application can lock you out for making repeated unsuccessful requests...

     

    So even though I consider mandating SMS as a 2FA method is lowering security rather than enhancing it, it's the physical aspect of no/unreliable mobile signal that is a hard barrier for some clients. Once upon a time, you could work offline and restore the file once power and connectivity was back, but that was lost a long time ago.

     

     

    • Mike_MYOB's avatar
      Mike_MYOB
      Community Manager
      1 month ago

      Hi shortred​ , although it is being mandated as an option, it is not being mandated as the only option for our customers.

      We would absolutely want and encourage our customers to have 2x 2FA methods available with SMS being mandated as 1 of these.

      So if you already have 2FA enabled via email, then you would be adding SMS as a secondary/back up method.

      Based on this, those who might work in areas with no reception, will still be able to access their accounts via their existing/second method

      Hope this helps to understand the update better - Mike

  • cramptons's avatar
    cramptons
    Trusted Cover User
    1 month ago

    Hi Mike,

    I need some urgent help.  I am the administrator of our account and login in with SMS code, all other users (employees) login with code to the work email, however, as of today, they are not receiving the code to their email????  I am away atm, however, I can login - remotely - with no issues.   Please help, as I now have employees unable to login to MYOB, and hence no work.