Update -Improved Security- 2FA changes
We have recently taken measures to deliver new security functionality to provide contextual and adaptive multi-factor authentication (MFA) controls. As a result, MFA now takes into consideration a ra...
Forum Discussion
I had a(nother) call from MYOB where the assistant called and tried to solve the issue by Teamviewer today.
The assistant tried basically exactly the same thing as the previous however-many-times someone has called to try to resolve the issue, but to no avail.
There was then a suggestion that they could change the browser settings on one of my PCs so that that PC asked for the 2FA when logging in.
I noted that this isn't fixing the security issue, it is just going to give me the perception the issue is fixed when I use that one PC (but not my other PCs). That is even riskier as it gives me a false sense of security that the system is secure when it is, in fact, not. The biggest risk is that I use a new computer thinking the system is secure, but that new computer is not tinkered with accordingly, and the security breach propagates to yet another computer.
It is very concerning to wonder how many computers out there have this security issue on them that people don't know about.
It seemed as if the person who called me today had not spoken to any of the previous people who called me, so followed the same checking process, and arrived at the same outcome which was "just want longer for us to fix it". No time frame can be given for how long that might take.
I am losing faith that MYOB are taking the security of their system seriously. There has been a gaping security hole in their platform, which keeps extremely sensitive data in it, for nine months, and the phone call I get entirely lacks progress with no new ideas, suggesting there has been no meaningful internal communication over the issue.
Has anyone else had any progress whatsoever on these security issues?
It is not clear to me if I am the only one having this issue. It certainly feels like it, given it seems to be new information when I tell them the issues - as in, each time I have to explain the details of what is happening.
Unfortunately, I think it is time to investigate what it looks like moving to a new provider. I will be looking at pricing, how hard it is to move, and whether the move can be done in a secure manner whilst moving to a more secure provider.
PS To be clear, the technician who called me today was lovely, knowledgeable, made good suggestions with good ideas, and had a great temperament, so I don't blame them and they have done no wrong. But something out of their control is happening at the organisation, which means their technicians are starting fresh each time they call, and no updates to the software/system are made. It is a recipe for repetition without progress, which is not acceptable for security holes.
Hi, you're not alone. I've just tested mine, and it looks like I can jump straight back in after closing if I'm within that 12 hour window of having last signed in. I don't notice because I'm in there all day and don't share my laptop but I can certainly understand it's a huge concern.
I can confirm I'm also experiencing similar frustration with another feature that I've reported isn't working correctly. They keep telling me it's fixed but it's not, but I can't get anyone to confirm if they've been able to replicate it at their end or not. There was a time agreed for someone to call and do a teamviewer session but they didn't call. Have just received another email this morning trying to organise another teamviewer session... Not holding my breath.
