Howdy,
I've just received the email saying we will now be logged out of MYOB if we don't use it for 20-30 minutes, then we have to manually type in our email address and password - again.
While I'm sure we all appreciate the pressures on data security, I think this is way too quick to log people out, much less having to type passwords over and over during the day.
I run a small business with 5 fulltime staff, I get called away to help with things and help them get work done, take phone calls, attend online meetings, this means I'm probably going to have to log in 4-5 times per day, and I'm of the opinion typing in your password would leave you more vulnerable to attacks than having a software package open on your desktop.
2 hours and you're logged out maybe, 20-30 minutes is crazy.
Thanks,
Jason
21 Comments
Secure how????? when most are the main users at least give the option of being able to switch this feature on or off. very very inefficient when being logged off every 2 to 3 minutes even though dont need 2FA still need to re logg on- so just adds to inefficiencies to the boss, users and employees who need to work effectively....i can understand after an hour or so but this really not efficient.
- Status changed:NewtoClosed
Hey JRFisher
These changes were done to keep your account secure. I've closed this idea as it's unlikely we will explore changing the login requirement.
Hi JRFisher , transparency when we know that something cant or wont be done should provide a better outcome for our community members.
It would of course be easier to leave the idea open, say we are 'looking into it' or variations of this knowing there would be less negativity. But we want to be upfront.
Both the 24 hour 2FA and our inactivity timeouts are mandatory requirements rather than purely decisions from MYOB. We've worked with the ATO to deliver these changes in line with their requirementsAwesome, so you’re doing something your customers don’t want, not listening to the issues, implementing a system which is less secure, shutting down any chat around it, then blaming the ATO who pay you how much for your product?
Hi dramafarma , we have only closed this post as it is in our ideas exchange. And because these changes are a mandatory requirement - they are not able to be changed.
However we are still very much open to feedback and discussions. There are multiple threads in the forum happening including responses to my pain post hereI also want to confirm, that the inactivity timeout does not require 2FA
This is a login only requirement and you will need to do your email and password.
IF you are inactive between 20-30mins. It is not something that will be prompted every 20minutes if you are active in the software as your comment indicates
Find out more:We should be given the ability customise security settings with options for short time periods and custom time periods, or turn off altogether. This was one reason why I praised MYOB over Xero - not having to log back in all the time - ADVANTAGE LOST!
I love how MYOB wash their hands of it - "it's not us, it's mandatory" i.e. the ATO. What a cop out.
What MYOB is really saying "our software isn't safe so it has to be turned off every 20 minutes"
find this constant having to resign in a annoyance....im the only one using the computer...can we have the option to disable it....i can just deal with having to do the authenication every day (annoying as it is) but to have to keep constantly sign in is time consuming....i can understand in a big organisation. we have only one person in a home office using MYOB....or allow us to increase how many times we have to sign in.
again, this is lunacy. myob just don't want to listen to customers. give us the ability to set a timeout, or disable it. or set it to 1 hour. 30mins is insufficient. everyone is security conscious and have other security policies in place to mitigate risk.
