MYOBCommunity
Partner Zone
|
|
Partner Zone

Two-factor authentication for accountants firm and it impacts on accessing our clients files

Experienced User Yvonnev
10 Posts
Experienced User
Australia
Yvonnev
Experienced User

10Posts

3Kudos

0Solutions

Two-factor authentication for accountants firm and it impacts on accessing our clients files

Hi MYOB

 

Is there a more detailed fact sheet or white paper that we can go through to understand the impacts on our practice if our clients choose to use the 2FA security features. 

 

Specifically, we need to understand how our current practices of accessing our clients MYOB data files by accountants, managers and partners during the compilation of work and review process, will need to change and what those changes need to be. 

 

Currently on your website the only scant information is provided at http://help.myob.com/wiki/display/sec/Two-factor+authentication , which is more marketing of the feature rather than the indepth details that we need to understand how this will impact our accounting practice, clients and our employees. 

 

thank you 

8 REPLIES
MYOB Moderator MattN
682 Posts
MYOB Moderator
Australia
MattN
MYOB Moderator

682Posts

80Kudos

85Solutions

Re: Two-factor authentication for accountants firm and it impacts on accessing our clients files

Hi @Yvonnev

 

Thanks for your post - what an awesome question!  And one we've been seeing a lot lately in support.

 

The following link has a bit more info regarding two-factor authentication (2FA) and how it comes into play for Accounting practices : http://help.myob.com/wiki/display/sec/Two-factor+authentication+for+accountants+and+bookkeepers

 

A couple of key points to note:

  • 2FA is not required when you use your MYOB login to log into AE or AO software in your practice
  • clicking the "Live" icon in AE/AO will not prompt the user to use 2FA to authenticate
  • Accessing the partner.myob.com website directly (such as from your laptop, when visiting a client) will require 2FA authentication once it's set on for you.

Hope that helps!  If you have any further questions, don't hesitate to ask.


cheers,

Matt
Practice Solutions Product Specialist
MYOB Australia Pty Ltd
Experienced User Yvonnev
10 Posts
Experienced User
Australia
Yvonnev
Experienced User

10Posts

3Kudos

0Solutions

Re: Two-factor authentication for accountants firm and it impacts on accessing our clients files

Hi @MattN

 

Thanks for trying to provide more clarity over the 2FA changes, but the information you have in your link is the same marketing materials page I quoted in my original post, and it does not give me specific information that is needed for our practice to understand the implications this has on the way we need to do business should a client choose to activate 2FA. 

 

For example, we need to understand things like (if i am reading the scantly detailed marketing material correctly), each of our employees will all need to have their own login to the clients data file (no communial logins) that then has to be linked to their personal mobile phones. This means that we may need to either provide company mobile phones to all employees (including employees that do not have face-to-face contact with clients) or provide them with a mobile phone allowance. 

 

This is the type of indepth detail we need at an accounting practice level to understand how 'the way we do business' with our clients will need to change internally due to the IT changes for 2FA. This will especially be important as we perceive it is not unreasonable to think that in the future 2FA (or similar) will be mandetry and not an opt-in-opt-out option. 

 

Please, can we have more specific details, even if they need to be send via PM. 

 

Thanks. 

Contributing Cover User KAM054
5 Posts
Contributing Cover User
Australia
KAM054
Contributing Cover User

5Posts

1Kudos

0Solutions

Re: Two-factor authentication for accountants firm and it impacts on accessing our clients files

Following.  We need to know if moving to 2FA will attach to the user login only, or the actual client datafile.  We don't want to force 2FA onto the datafile if we are not the Owner of the file

MYOB Moderator MattN
682 Posts
MYOB Moderator
Australia
MattN
MYOB Moderator

682Posts

80Kudos

85Solutions

Re: Two-factor authentication for accountants firm and it impacts on accessing our clients files

Hi @KAM054

 

Thanks for your question.

 

2FA is set on a per user basis - ie: your my.MYOB login detail - not on a client's data file.  

 

So, even if the owner of the file has decided to not use 2FA yet, but you do, when you log into the owner's file, you will require 2FA to authenticate, because its enabled for your my.MYOB login - however, the owner would not require it just because you logged into the file and authenticated with 2FA.  

 

Conversely, if the owner enabled 2FA on their login, and they access a file, it will then not require you to use 2FA to access that file - although we would highly recommend it.

 

Hope this helps.

 


cheers,

Matt
Practice Solutions Product Specialist
MYOB Australia Pty Ltd
MYOB Moderator MattN
682 Posts
MYOB Moderator
Australia
MattN
MYOB Moderator

682Posts

80Kudos

85Solutions

Re: Two-factor authentication for accountants firm and it impacts on accessing our clients files

Hi @Yvonnev

 

Thanks for your reply - I understand your concerns.  the link provided in my original reply is not marketing material, but a help article explaining the 2FA is currently not being required for Accounting Practices.

 

 

ATO Requirements

The Australian Taxation Office requires that all systems that interact with Taxation, Payroll and Superannuation data and interacting with the ATO require 2FA by mid 2019.

 

MYOB are aware of the concerns raised in your post, and we are currently working with the ATO on the specifics around this - especially for Accounting Practices - especially with some scenarios such as :

  • A staff member not having a mobile phone or tablet at all
  • Practices not permitting staff to have their mobile phones with them at their desks
  • Staff members with mobile phones that are not "smart" phones

 

We do understand that the current 2FA options currently available might not be the right choice for everyone - therefore we are working on building new options right now before we make 2FA mandatory for all logins and we'll share this information once it's available.

 

Once I have more, I will update.


cheers,

Matt
Practice Solutions Product Specialist
MYOB Australia Pty Ltd
Experienced User Yvonnev
10 Posts
Experienced User
Australia
Yvonnev
Experienced User

10Posts

3Kudos

0Solutions

Re: Two-factor authentication for accountants firm and it impacts on accessing our clients files

@MattN

 

Thanks MattN, any additional detailed information would be very much welcomed as this will impact our practice greatly and we need time to plan and execute changes as well as deal with any additional financial impacts it will have on our firm. 

Trusted Partner JamesD
61 Posts
Trusted Partner
Australia
JamesD
Trusted Partner

61Posts

22Kudos

4Solutions

Re: Two-factor authentication for accountants firm and it impacts on accessing our clients files

I think a staff member should have a smartphone and that is much like their suit or dress or shoes, they should come to work with them. Time to move on, I would not give an allowance for it though, much like I would not give an allowance for them to wear ties or smart dresses. Let the staff member claim the incidental use of their mobile in their tax return if they are permitted to.

 

Some employers require car travel, but don't provide either a car, or an allowance as an example.

 

2FA authentication is a very good idea to protect this most important data we hold and is much more important than staff that do or don't have mobiles I feel. But maybe there is a way to set-up 2FA without the use of a phone, such as issuing tokens for new staff members like the banks do for their smart banking.

 

I think it is a good idea NOT to have 2FA on AE/AO because in most cases these should be being accessed through secure VPN's or similar.

Trusted Partner JamesD
61 Posts
Trusted Partner
Australia
JamesD
Trusted Partner

61Posts

22Kudos

4Solutions

Re: Two-factor authentication for accountants firm and it impacts on accessing our clients files

I also think that MYOB should make sure that they enable a Practice wide login process so that staff can be added in under the Practice to use a file i.e. if I employ Johnny ABC or Julie XYZ, I should be able to enable them to have access to a client file.

 

I know the major competitor to MYOB out there seems to struggle with this concept too and it gets really confusing at times telling the client to add somebody in, they've never met and don't know who they are.

Didn't find your answer here?
Try using advanced search to find a post more easily Advanced Search
or
Get the conversation started and make a new post Start a Post