Partner Zone

Update -Improved Security- 2FA changes

PriyaSelvaraj
MYOB Moderator
296 Posts
MYOB Moderator
MYOB Moderator

296Posts

50Kudos

15Solutions

Update -Improved Security- 2FA changes

We have recently taken measures to deliver new security functionality to provide contextual and adaptive multi-factor authentication (MFA) controls. As a result, MFA now takes into consideration a range of factors including user’s location, device & behaviour patterns to determine the level of authentication required.

By analysing contextual information like time of day and user location, our MFA can identify if additional authentication measures are necessary. This approach aims to reduce user effort, whilst maintaining a high level of security.

However, we have reviewed concerns raised by our customers.

What we’ve heard:

  • I want to be prompted for a login more frequently (7 days is not sufficient, unless I have the option to select this frequency)
  • I want to understand MFA and login requirements.
  • I want to understand my role in securing sensitive information.

What we’re doing:

  • Reverting login frequency to 12 hours. Users will be prompted to login after 12 hours, as they were previously.
  • Users can select "Trust this device for 30 days", however may be prompted more frequently if additional authentication is required.
  • We recommend users log out at the end of every session, via the product menu.

What you need to do:

We will provide further updates on these changes for all customer via our channels and MYOB Community Forum.


MYOB Community Forum

Online Help| Forum Search| my.MYOB| Download Page

Did my answer help?

Accept it as a Solution
Leave a to tell others

59 REPLIES 59
melbdesk
Experienced Cover User
20 Posts
Experienced Cover User
Australia
Experienced Cover User

20Posts

28Kudos

0Solutions

Re: Update -Improved Security- 2FA changes

It would be nice to have some security. I can still just click on MYOB on my desktop and I am in. It's been far too long and writing about how important and good you are about security and then not fixing this issue that has been going on for over a week and a half is riduculous.

ERStewart
Contributing User
9 Posts
Contributing User
Contributing User

9Posts

15Kudos

0Solutions

Re: Update -Improved Security- 2FA changes

I need to be able to log into more than one Myob account simultaneously.

 

The changes Myob has made to logging in are not "Improved Security", in fact, it's the complete opposite not to mention the accessibility issues. I have users of varying IT abilities, some of whom are elderly and have difficulty with adding a new online file every time they need to change the company file they're working on, this means I must actively supervise each login change.

becdbc
1 Post
User

1Posts

13Kudos

0Solutions

Re: Update -Improved Security- 2FA changes

I'm sorry, how are you actually "improving security"?!?! Removing the requirement to enter a password when logging in has totally removed all security for this program. At least when we previously selected "trust this device for 30 days", we still had to enter a password to login to the program and select the client files we wanted to work in. Now, all I have to do is click on the MYOB icon on my desktop and I can access any file I want, with no password or any other kind of 2FA required to access the files. This is highly unsecure!! If the security on my computer was to be breached, anyone would have direct access to all of my client files. And who is going to be liable for that??? MYOB??? Is my cyber security going to cover any claim for this??? 

 

And I notice that the new update released yesterday/today has not fixed this issue!

 

MYOB - you need to get this issue sorted out ASAP, unless you are happy to lose clients in droves because that's what is going to happen. We are already looking at moving clients out because you can't provide a secure environment for our client's important data. And if you don't just lose clients, you will more than likely end up getting sued when someone's client's data is breached due to your lack of security.

Maddocks
4 Posts
Cover User
Australia
Cover User

4Posts

16Kudos

0Solutions

Re: Update -Improved Security- 2FA changes

I am not being asked to log on at all.  There is zero security.

Antoon
Experienced User
15 Posts
Experienced User
Experienced User

15Posts

19Kudos

0Solutions

Re: Update -Improved Security- 2FA changes

Why didn't Myob inform it's customers of these changes?

Tip: Put a logout shortcut on the Myob home page.

Debs657
5 Posts
User

5Posts

6Kudos

0Solutions

Re: Update -Improved Security- 2FA changes

This is not improved security. Anyone who has access to my computer and the other computer that has MYOB on it, can log in automatically. No password, no authenticator number. 

 

Your 'improvement' is certainly NOT an improvement. 

 

Insurance company certainly will not be happy that our MYOB program can be accessed by anyone who uses the computers. 

Lmcstack
Experienced User
48 Posts
Experienced User
Experienced User

48Posts

48Kudos

0Solutions

Re: Update -Improved Security- 2FA changes

I'd like to be very clear here, the changes MYOB have made has compromised security!!!

 

When users now exit out of MYOB via the options of either closing the program window using the X or selecting File>Exit, they can now open the program without ANY requirement to log in using a password.  MYOB will immediately lauch the program without any password OR 2FA authentication!!!!!

 

Previously when  you closed the program, you would have to login using a password. Why did MYOB change this and how can you possibly purport that this improves security? 

 

The situation now, is that anyone who has access to my computer could simply open the program and have access to MYOB WITHOUT having to actually login in using a password.

 

I'm sorry, but I fail to see how this is an Improved Security measure.  Are you aware that other programs such as Xero & Quickbooks, require you to login with a password and Xero requires 2FA everytime you login.  Both these programs will also time you out of the program after a period of time, also requiring you to use a password and 2FA to log back in to the program.

 

If the MYOB program is exited in any way, as a matter of security it should require you to login using a password.  No system should allow you to open the program without any authentication or password at all.

 

 

melbdesk
Experienced Cover User
20 Posts
Experienced Cover User
Australia
Experienced Cover User

20Posts

28Kudos

0Solutions

Re: Update -Improved Security- 2FA changes

Well said Lmcstack

Antoon
Experienced User
15 Posts
Experienced User
Experienced User

15Posts

19Kudos

0Solutions

Re: Update -Improved Security- 2FA changes

Well said! 100 percent!

Didn't find your answer here?

Try using advanced search to find a post more easily Advanced Search
or
Get the conversation started and make a new post Start a Post