Forum Discussion

Verdant
Experienced User
9 months ago

Do you now need a cellphone to run MYOB AccountRight with 2FA?

I've just received an email, telling me we need to set up 2FA by 30 September. In order to get 2FA you need to either use an app or get an SMS.  

 

We have AccountRight set up on a shared computer at work. It's all one login for 3, soon to be 4, people, as it's used as a POS. One of my employees does not use a cellphone, and 2 others are not very computer literate. So how are they going to be able to log in without using 2FA?

 

 

7 Replies

  • Verdant
    Experienced User
    9 months ago

    Hi Mike,

    Thanks for your reply. We are NOT going to set up an individual login for every individual. All 4 of them work on average once a month or less. And as mentioned, one of them doesn't even use a cellphone. Yes, I have a 2FA set up. But currently I only have to use this when logging in online. I have never used it when logging in on our PC programme.

    What are our options? Can't we get a 2FA via an email? That is what we currently do on the 30 day cycle. I am not wanting to be called every single day someone needs a 2FA.

  • Mike_MYOB
    Community Manager
    9 months ago

    Hi Verdant - all people who access your file should have individual logins and not use a shared login. 

    Currently, all users associated with a file are required to have 2FA enabled, so the change being announced is that the frequency of 2FA is changing and will now be required at least once every 24 hours.

    The login you are using will already have 2FA, you only need to be prepared that this will be requested more frequently than you are used to now.

    I would recommend that you have each person set up with their own login, and they will be required to have 2FA as well.

  • Mike_MYOB
    Community Manager
    9 months ago

    Hi Verdant
    It is of course your decision to continue having the team share a login, but I want to confirm that it is MYOB's and the ATO's guidelines that there are no shared logins.

    Regarding the method, you can continue to use email 2FA as this is already set up. We highly recommend having a secondary method (SMS is great) so that you have a backup option available.
    If, for example, you were unable to access your emails or you couldn't receive the 2FA email, you would then have the secondary option of using SMS.
    This is also especially helpful for accessing My Account where you can manage your 2FA preferences without needing to contact MYOB.

    As you said, you currently do email 2FA on a 30 day cycle.
    The notification you have received is more around the frequency of 2FA.
    Instead of every 30 days, this will now be at least once per day (every 24 hours).

  • bigmac
    9 months ago

    Is email always going to be an option for 2FA for new staff accounts going forward? Or, will we need to require staff to have a phone for work use when employing new people?

  • Mike_MYOB
    Community Manager
    9 months ago

    Hi bigmac, with a high rate of change in the cyber security environment, we cannot confirm that email will always be an option going forward.
    Email is currently available but it's not recommended as it is less secure than SMS or Authenticator Apps (both of which do require a phone).

  • Verdant
    Experienced User
    9 months ago

    Using a phone isn't ideal at all. I don't see how SMS is any more secure than an email. Someone could steal your phone, and a notification pops up on your screen with a code. Accessing email on a PC requires firstly being able to log in to the PC and then a further login to emails.

    Having requirements for staff to use their own personal phone for such things is not fair to them. We'd have to compensate staff or buy a shop phone just to get into MYOB. Yet another cost to small business. After 18 years of using MYOB this might be a deal breaker for us.

     

  • Mike_MYOB
    Community Manager
    9 months ago

    Hi Verdant, 18 years is no small feat!
    Congratulations on this milestone for your business and your partnership with MYOB, thank you.
    To try and add more, the SMS and authenticator app for security is best practice globally.
    Many businesses don't have logins on their PCs & Laptops (or individual logins for that matter).
    PCs and Laptops are easily and typically shared just as much as emails are.
    However it would be incredibly rare to find a phone that does not have a pin, thumbprint or facial recognition lock to access.
    It is also a common occurrence to need to use a personal phone for 2FA.
    When using SMS, there is little to no overlap between work and personal as they would simply be receiving a text with a number that they need to enter into the software (I do this myself for all of our MYOB software).
    I'm sorry to hear that this change could become a deal breaker for you. If you have any more questions about the change, let me know here or via a direct message.