MYOB logon no longer requires 2FA

The_Doc
Ultimate Partner
1,537 Posts
Ultimate Partner
Australia
Ultimate Partner

1,537Posts

235Kudos

162Solutions

MYOB logon no longer requires 2FA

Hi Folks

 

Whilst this subject has, it seems, been done to death and MYOB refuses to address it - BUT!!!! 

 

 "why has 2FA logon into ANY of my online MYOB files" 

 

been deprecated/turned off

 

Since the introduction of MYOB's new security to users it has been an unmitigated shambles.

 

We run an online cloud service for medical practices ( 100s of them - 1000s of doctors)  and had we introduced  such shoddy logon procedures we would have been laughed at - and the screaming would have been heard this side of Timbuktu.

 

Not only have we upped our logon but we have gone 3FA 

 

YET - since MYOB introduced their updated SECURITY - I and all my staff have never again been asked for a 2FA code.

 

Myself - I have logged on from 3 different places in the country - odd and different IPs - a bnb in Brisbane - and I was only required to enter my password - no 2FA.

 

Please MYOB - this needs to be reported as a deprecation of security - why do you fail to explain things.

 

Where is the old 2FA procedure - minimum 2FA to secure your clients files!!!!!!

 

Please, please provide answers to the basic of security questions.

 

The Doc

5 REPLIES 5
Princess_R
MYOB Moderator
3,046 Posts
MYOB Moderator
MYOB Moderator

3,046Posts

108Kudos

462Solutions

Re: MYOB logon no longer requires 2FA

Hi @The_Doc,

 

Thank you for your post.

 

We understand your frustration with this issue, and your concern for maintaining security measures is entirely valid. We genuinely apologize for the inconvenience caused. With the recent changes, it's expected that the 2FA prompt should still be part of the login process. However, if you're not encountering this prompt after clearing your cache or attempting to sign in from different browsers or devices, then this suggests a potential discrepancy.

 

Rest assured, your security is paramount, and this discrepancy needs immediate attention. To delve deeper into this matter and ensure your security concerns are addressed thoroughly, we'll forward this to our specialized team for a comprehensive investigation. We'll also be reaching out to you via private message to gather additional details.

 

Thank you for your patience and understanding in this matter.

 

Cheers,

Princess

The_Doc
Ultimate Partner
1,537 Posts
Ultimate Partner
Australia
Ultimate Partner

1,537Posts

235Kudos

162Solutions

MYOB logon no longer requires 2FA - a deprecation in SECURITY

Hi All

 

I answer, now, my own post after MYOB have finally replied to my concerns in private replies.

 

My concerns were that the changes MYOB have made to the security of logging on to online files has changed - and these changes has actually DECREASED THE SECURITY of this process.

 

This forum echoed with the cries of users screams - "WHAT HAVE YOU DONE MYOB - the security is decreased" - and no real answers came forth from MYOB explaining the changes.

 

In essence - the changes that we all noticed

 

1. 2FA authentication requirement disappeared - and we were only required to enter our user name and password

2. that the username (typically the user's email) was no longer stored and remembered and had to be entered everytime ( this in itself I have no problem with and is actually an increase in security protocol - and does add a small level of secuirty)

 

However, the biggee was that 2FA disappeared.

 

MYOB never actually explained the changes ( to my knowledge)  and let us comment - the users.

 

As it turns out - in my private email from MYOB - which was polite, respectful and answered my queries quickly - finally) 

 

That the 2FA authentication does appear - however, only when you goto 

the 'SERVICES' tab and select 'Sign out from AccountRight Live' !!!! - and this appears to be correct! - end of STORY

 

NO!!!!!!

 

My reply - which MYOB acknowledged was correct - was that MYOB's improved security actually was a deprecation of secuity and LEFT our online files open to access with only a user name and password - i.e. the 2FA requirement had by default been cancelled/removed - or negated!

 

Why.......

 

Typically, and for years if your MYOB online file was left open, or you closed it by just clicking the cross top right or you selected in the tab FILE - EXIT ( which I do, as do all my staff)  - then accessing the same MYOB file within 12 hours ( if you ticked the 12 hr click box to not ask for credentials - BUT NOT THE 30D - we just don't use that - and forbid staff to do)  - then within the day you could click back onto the file and open  without 2FA/username/password.

 

If these parameters expired - which they did within 24 hours - next time you logged on you entered your password ( because your email was pre-entered) and you were asked for your 2FA - this secuirty was good, adequate and appropriate.

 

Suddenly it all changed - carryout these procedures AFTER MYOB updated their security - and BY DEFAULT - using EXIT/ click the X or time out - and by DEFAULT 

 

MYOB on line allows you back into any file, any client's file - with just the username and password

In my realm - a deprecation of secuirty procedures - a decrease of secuirty and yet we do not get told of this.

 

EXCEPT when everyone screams we just get told 

 

"YOU NEED TO NOW!!!!!! - SELECT LOG OUT OF ONLINE SERVICES" - !!!!!

 

OK then MYOB - if weese dumb users continue to select "EXIT"; or "X" or just leave it open to time out - PUT A DEFAULT reset in there that automatically logs us out of ONLINE SERVICES!!!!!

 

MYOB this really is a stuff up and a deprecation of security which needs notification to the appropriate agency.

 

Please FIX this and create a default that logs us out of on line services either in 24 hours - 7 days or 30D - if that user is using the same IP and the same computer.

 

THE DOC

 

acc_right_user
Experienced Cover User
15 Posts
Experienced Cover User
Australia
Experienced Cover User

15Posts

0Kudos

0Solutions

Re: MYOB logon no longer requires 2FA

Wow.  I too have the same issue and concerns.  Having to go to Services to log out is not sensible.  Please return 2FA default.

Princess_R
MYOB Moderator
3,046 Posts
MYOB Moderator
MYOB Moderator

3,046Posts

108Kudos

462Solutions

Re: MYOB logon no longer requires 2FA

Hi @acc_right_user,

 

Thank you for sharing your concerns about the log-in process. I understand your frustration and agree that having to go to services to log out can be inconvenient. We're always working to improve the user experience, and your feedback is valuable to us. I'll make sure to pass your feedback along to our team for consideration.

 

Your patience and understanding are highly appreciated.

 

If there's anything else I can assist you with, feel free to create a new post.

 

Cheers,

Princess

DuncanS
Ultimate Partner
1,924 Posts
Ultimate Partner
Australia
Ultimate Partner

1,924Posts

549Kudos

168Solutions

Re: MYOB logon no longer requires 2FA

@The_Doc @Princess_R @acc_right_user 

 

I am also concerned.

 

My understanding is that Xero sends a push notification to a mobile phone.

 

Would a Agent be in breach of TASA if a MYOB file was hacked and no 2FA was in place?

A MYOB Partner may face disciplinary action from the TPB.

 

There would also goodwill issues and most likely loss of the client.

 

Duncan

Duncan Smith
Business Advice + Tax
Helping business owners build a better business since 1998
E duncan@businessadvicetax.com.au T 02 9904 3672 7 days

Didn't find your answer here?

Try using advanced search to find a post more easily Advanced Search
or
Get the conversation started and make a new post Start a Post