Forum Discussion

The_Doc's avatar
The_Doc
Ultimate Cover User
12 months ago

MYOB logon no longer requires 2FA

Hi Folks

 

Whilst this subject has, it seems, been done to death and MYOB refuses to address it - BUT!!!! 

 

 "why has 2FA logon into ANY of my online MYOB files" 

 

been deprecated/turned off

 

Since the introduction of MYOB's new security to users it has been an unmitigated shambles.

 

We run an online cloud service for medical practices ( 100s of them - 1000s of doctors)  and had we introduced  such shoddy logon procedures we would have been laughed at - and the screaming would have been heard this side of Timbuktu.

 

Not only have we upped our logon but we have gone 3FA 

 

YET - since MYOB introduced their updated SECURITY - I and all my staff have never again been asked for a 2FA code.

 

Myself - I have logged on from 3 different places in the country - odd and different IPs - a bnb in Brisbane - and I was only required to enter my password - no 2FA.

 

Please MYOB - this needs to be reported as a deprecation of security - why do you fail to explain things.

 

Where is the old 2FA procedure - minimum 2FA to secure your clients files!!!!!!

 

Please, please provide answers to the basic of security questions.

 

The Doc

  • The_Doc's avatar
    The_Doc
    Ultimate Cover User

    Hi All

     

    I answer, now, my own post after MYOB have finally replied to my concerns in private replies.

     

    My concerns were that the changes MYOB have made to the security of logging on to online files has changed - and these changes has actually DECREASED THE SECURITY of this process.

     

    This forum echoed with the cries of users screams - "WHAT HAVE YOU DONE MYOB - the security is decreased" - and no real answers came forth from MYOB explaining the changes.

     

    In essence - the changes that we all noticed

     

    1. 2FA authentication requirement disappeared - and we were only required to enter our user name and password

    2. that the username (typically the user's email) was no longer stored and remembered and had to be entered everytime ( this in itself I have no problem with and is actually an increase in security protocol - and does add a small level of secuirty)

     

    However, the biggee was that 2FA disappeared.

     

    MYOB never actually explained the changes ( to my knowledge)  and let us comment - the users.

     

    As it turns out - in my private email from MYOB - which was polite, respectful and answered my queries quickly - finally) 

     

    That the 2FA authentication does appear - however, only when you goto 

    the 'SERVICES' tab and select 'Sign out from AccountRight Live' !!!! - and this appears to be correct! - end of STORY

     

    NO!!!!!!

     

    My reply - which MYOB acknowledged was correct - was that MYOB's improved security actually was a deprecation of secuity and LEFT our online files open to access with only a user name and password - i.e. the 2FA requirement had by default been cancelled/removed - or negated!

     

    Why.......

     

    Typically, and for years if your MYOB online file was left open, or you closed it by just clicking the cross top right or you selected in the tab FILE - EXIT ( which I do, as do all my staff)  - then accessing the same MYOB file within 12 hours ( if you ticked the 12 hr click box to not ask for credentials - BUT NOT THE 30D - we just don't use that - and forbid staff to do)  - then within the day you could click back onto the file and open  without 2FA/username/password.

     

    If these parameters expired - which they did within 24 hours - next time you logged on you entered your password ( because your email was pre-entered) and you were asked for your 2FA - this secuirty was good, adequate and appropriate.

     

    Suddenly it all changed - carryout these procedures AFTER MYOB updated their security - and BY DEFAULT - using EXIT/ click the X or time out - and by DEFAULT 

     

    MYOB on line allows you back into any file, any client's file - with just the username and password

    In my realm - a deprecation of secuirty procedures - a decrease of secuirty and yet we do not get told of this.

     

    EXCEPT when everyone screams we just get told 

     

    "YOU NEED TO NOW!!!!!! - SELECT LOG OUT OF ONLINE SERVICES" - !!!!!

     

    OK then MYOB - if weese dumb users continue to select "EXIT"; or "X" or just leave it open to time out - PUT A DEFAULT reset in there that automatically logs us out of ONLINE SERVICES!!!!!

     

    MYOB this really is a stuff up and a deprecation of security which needs notification to the appropriate agency.

     

    Please FIX this and create a default that logs us out of on line services either in 24 hours - 7 days or 30D - if that user is using the same IP and the same computer.

     

    THE DOC

     

  • Hi The_Doc,

     

    Thank you for your post.

     

    We understand your frustration with this issue, and your concern for maintaining security measures is entirely valid. We genuinely apologize for the inconvenience caused. With the recent changes, it's expected that the 2FA prompt should still be part of the login process. However, if you're not encountering this prompt after clearing your cache or attempting to sign in from different browsers or devices, then this suggests a potential discrepancy.

     

    Rest assured, your security is paramount, and this discrepancy needs immediate attention. To delve deeper into this matter and ensure your security concerns are addressed thoroughly, we'll forward this to our specialized team for a comprehensive investigation. We'll also be reaching out to you via private message to gather additional details.

     

    Thank you for your patience and understanding in this matter.

     

    Cheers,

    Princess

  • acc_right_user's avatar
    acc_right_user
    Experienced Cover User

    Wow.  I too have the same issue and concerns.  Having to go to Services to log out is not sensible.  Please return 2FA default.

    • Princess_R's avatar
      Princess_R
      MYOB Moderator

      Hi acc_right_user,

       

      Thank you for sharing your concerns about the log-in process. I understand your frustration and agree that having to go to services to log out can be inconvenient. We're always working to improve the user experience, and your feedback is valuable to us. I'll make sure to pass your feedback along to our team for consideration.

       

      Your patience and understanding are highly appreciated.

       

      If there's anything else I can assist you with, feel free to create a new post.

       

      Cheers,

      Princess

      • DuncanS's avatar
        DuncanS
        Ultimate Partner

        The_Doc Princess_R acc_right_user 

         

        I am also concerned.

         

        My understanding is that Xero sends a push notification to a mobile phone.

         

        Would a Agent be in breach of TASA if a MYOB file was hacked and no 2FA was in place?

        A MYOB Partner may face disciplinary action from the TPB.

         

        There would also goodwill issues and most likely loss of the client.

         

        Duncan